PROXY v1 and Pre-SSL PROXY #1251
Unanswered
hermanbanken
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
The current ProxyParser is limited to PROXY v2, and runs áfter SSL, if I read the source correctly. There are many tradeoffs and opinions in these waters, and I'm not sure if there is a right one, but correct me if I'm wrong.
Consider a use case like this:
First of, Google Cloud Platform only supports PROXY v1. This is a choice, and while one could argue for PROXY v2 support, it is not there yet. Therefore, the PROXY protocol support can't be used with Google's load balancers.
Secondly, were we to add PROXY v1 support (I was trying this, but struggling due to not having to much cpp experience), then the PROXY v1 is written on the TCP connection, not inside the SSL connection. So unless we offload SSL at the load balancer OR use a different SSL connection downstream, this won't work.
What are your thoughts on this?
Beta Was this translation helpful? Give feedback.
All reactions