mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Goldstein Lyor (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-656) Support The PROXY protocol
Date Fri, 26 Feb 2016 05:22:18 GMT

    [ https://issues.apache.org/jira/browse/SSHD-656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15168459#comment-15168459
] 

Goldstein Lyor commented on SSHD-656:
-------------------------------------

Feel free to go ahead and publish a pull request for it - see https://github.com/apache/mina-sshd/commit/ec56d2ab6c0a0923d8310976530e7c8bf1144d13
for a mechanism I added for this very purpose. Basically, you need to write a _ClientProxyConnector_
and _ServerProxyAcceptor_ that implement the protocol you describe. If you do go ahead with
this, then please open a *separate* module folder for it - e.g., _sshd-haproxy_ (similar to
_sshd-ldap_) since this is a "plugin" that one can use rather than a core feature.

> Support The PROXY protocol
> --------------------------
>
>                 Key: SSHD-656
>                 URL: https://issues.apache.org/jira/browse/SSHD-656
>             Project: MINA SSHD
>          Issue Type: New Feature
>            Reporter: Eugene Petrenko
>            Priority: Minor
>
> Load Balancing and other higher availability services are included between client and
SSHD server and works on TCP level. This makes an actual client address shown in the SSHD
server to be a load balancer address, not a real client address. This makes it hard to use
SSHD for multi-node production scenarios. 
>  
> There are several ways to solve the issue.
> The first one is to include complex TCP routing to have specific packets delivered correctly.
This is too hard to setup
> It looks like using {{The PROXY Protocol}} is the possible, easy and more or less standard
way to pass actual client/server addresses to the server over TCP.  The protocol is  implemented
by a number of TCP-based servers (including nginx, Amazon Load Balancer, Apache, github enterprise,
see the link below for details)
> Protocol specification is here 
> http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message