PROXY protocol revisited

Dag Haavi Finstad daghf at varnish-software.com
Tue Nov 11 17:41:00 CET 2014


Hi guys

I've been looking into implementing the PROXY protocol[1] for Varnish
4. This has been discussed several times before, in particular it
seems some consensus was found at VDD13Q4 in Berlin last year [2].
This was regarding the interface in terms of specifying the listening
socket (-a) and the VCL *.ip bits. I was not present at this VDD
myself, so I'd just like to discuss and perhaps get some verification
as to what was agreed.

As for the -a listening argument, this ties into how it should be
handled for HTTP/2. From reading the notes, the agreed upon syntax was

  -a PROTO@IP:0

Is the PROTO@ part mandatory, or is there a fallback when it's left
out (e.g. plain old '-a :80')? I think it makes most sense to have the
fallback value be HTTP/1.1 that also supports HTTP/2 via Upgrade [3].

If we are also going to have a way of specifying the protocol to be
exclusively HTTP/1 or HTTP/2 [4], we could use values 'http1' and
'http2' to denote that.

Further, a PROXY protocol listen socket is specified like this:
  -a proxy@192.168.1.10:8081

The PROXY implementation will hand over to the HTTP/1 FSM after
processing the PROXY header. From my understanding the PROXY protocol
is not specified for HTTP/2, so the connection here must stick with
HTTP/1. Also, any incoming request on this interface not containing a
valid PROXY header must be rejected.

As for the VCL bits, I'm very happy with what was agreed upon at
VDD13Q4 (local.ip, remote.ip, client.ip, server.ip).

I don't see any mention of logging having been discussed, but I think
it makes sense to have SessOpen use local.ip/remote.ip, while ReqStart
should use server.ip/client.ip. varnishncsa will then use client.ip
for logging the client host (%h).

Opinions, input, comments?

[1]: http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
[2]: https://www.varnish-cache.org/trac/wiki/VDD13Q4#PROXY
[3]: https://tools.ietf.org/html/draft-ietf-httpbis-http2-15#section-3.2
[4]: https://tools.ietf.org/html/draft-ietf-httpbis-http2-15#section-3.4

-- 
Dag Haavi Finstad
Software Developer | Varnish Software
Mobile: +47 476 64 134
We Make Websites Fly!
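
Added example, not part of the original message and not Varnish code: a strict check of a PROXY protocol v1 header line in C, illustrating the requirement above that a connection without a valid PROXY header is rejected before hand-over to HTTP/1. The name `proxy_v1_parse` and the struct are hypothetical, and the caller is assumed to have the complete header in `buf` already.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define PROXY_V1_MAX 107 /* longest v1 header line, CRLF included, per the spec */

struct proxy_v1 {
    int family;                    /* AF_INET, AF_INET6, or AF_UNSPEC for UNKNOWN */
    char src[INET6_ADDRSTRLEN], dst[INET6_ADDRSTRLEN];
    unsigned sport, dport;
};

/* Hypothetical helper: returns the header length to skip before handing the
 * connection to the HTTP/1 code, or -1 if the connection must be rejected. */
int proxy_v1_parse(const char *buf, size_t len, struct proxy_v1 *p)
{
    char line[PROXY_V1_MAX + 1], check[128], proto[8];
    unsigned char addr[sizeof(struct in6_addr)];
    size_t n = len < PROXY_V1_MAX ? len : PROXY_V1_MAX;
    const char *nl = memchr(buf, '\n', n);

    if (nl == NULL || nl == buf || nl[-1] != '\r')
        return -1;                 /* no CRLF within the size limit */
    n = (size_t)(nl - buf) - 1;    /* line length without CRLF */
    memcpy(line, buf, n);
    line[n] = '\0';
    memset(p, 0, sizeof *p);
    if (strlen(line) != n)
        return -1;                 /* embedded NUL byte */
    /* UNKNOWN: the rest of the line is ignored and no addresses are reported. */
    if (!strncmp(line, "PROXY UNKNOWN", 13) && (line[13] == ' ' || line[13] == '\0')) {
        p->family = AF_UNSPEC;
        return (int)n + 2;
    }
    if (sscanf(line, "PROXY %7s %45s %45s %5u %5u", proto, p->src, p->dst,
               &p->sport, &p->dport) != 5)
        return -1;
    if (!strcmp(proto, "TCP4")) p->family = AF_INET;
    else if (!strcmp(proto, "TCP6")) p->family = AF_INET6;
    else return -1;
    /* sscanf is lenient (extra spaces, "+80", "080", trailing junk), so re-render
     * the fields and require a byte-exact match with the received line. */
    snprintf(check, sizeof check, "PROXY %s %s %s %u %u", proto, p->src, p->dst,
             p->sport, p->dport);
    if (strcmp(check, line) != 0 || p->sport > 65535 || p->dport > 65535 ||
        inet_pton(p->family, p->src, addr) != 1 ||
        inet_pton(p->family, p->dst, addr) != 1)
        return -1;
    return (int)n + 2;
}
```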
