Go API Documentation

github.com/caddyserver/caddy/v2/modules/caddyhttp/proxyprotocol

No package summary is available.

Package

Files: 3. Third party imports: 1. Imports from organisation: 0. Tests: 0. Benchmarks: 0.

Constants

Vars

Types

ListenerWrapper

ListenerWrapper provides PROXY protocol support to Caddy by implementing the caddy.ListenerWrapper interface. If a connection is received via Unix socket, it's trusted. Otherwise, it's checked against the Allow/Deny lists, then it's handled by the FallbackPolicy.

It must be loaded before the tls listener because the PROXY protocol encapsulates the TLS data.

Credit goes to https://github.com/mastercactapus/caddy2-proxyprotocol for having initially implemented this as a plugin.

Field name Field type Comment
Timeout

caddy.Duration

Timeout specifies an optional maximum time for the PROXY header to be received. If zero, timeout is disabled. Default is 5s.

Allow

[]string

Allow is an optional list of CIDR ranges to allow/require PROXY headers from.

allow

[]netip.Prefix

No comment on field.
Deny

[]string

Deny is an optional list of CIDR ranges to deny PROXY headers from.

deny

[]netip.Prefix

No comment on field.
FallbackPolicy

Policy

FallbackPolicy specifies the policy to use if the downstream IP address is in neither the Allow list nor the Deny list.

NOTE: The generated docs which describe the value of this field are wrong because of how this type unmarshals JSON in a custom way. The field expects a string, not a number.

Accepted values are: IGNORE, USE, REJECT, REQUIRE, SKIP

  • IGNORE: ignore the address from the PROXY header, but accept the connection.

  • USE: use the address from the PROXY header.

  • REJECT: reject the connection when a PROXY header is sent. Note: even though the first read on the connection returns an error if a PROXY header is present, subsequent reads do not. It is the task of the code using the connection to handle that case properly.

  • REQUIRE: require the connection to send a PROXY header; reject if not present. Note: even though the first read on the connection returns an error if a PROXY header is not present, subsequent reads do not. It is the task of the code using the connection to handle that case properly.

  • SKIP: accept a connection without requiring the PROXY header. Note: an example usage can be found in the SkipProxyHeaderForCIDR function.

Default: IGNORE

Policy definitions are here: https://pkg.go.dev/github.com/pires/go-proxyproto@v0.7.0#Policy

policy

goproxy.ConnPolicyFunc

No comment on field.
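
The decision order described for ListenerWrapper (Unix socket trusted, then the Allow/Deny lists, then FallbackPolicy), modelled with the standard library only. This is an added example, not Caddy's code: the decide function, the string policy values and the sample addresses are illustrative, and it assumes that Deny is checked before Allow, that a Deny match yields REJECT and that an Allow match yields USE.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"strings"
)

// decide models the per-connection trust decision for one downstream peer.
// Assumptions (not taken from Caddy's source): Deny is checked before Allow,
// a Deny match yields REJECT, and an Allow match yields USE.
func decide(peer net.Addr, allow, deny []netip.Prefix, fallback string) (string, error) {
	if strings.HasPrefix(peer.Network(), "unix") {
		return "USE", nil // Unix-socket peers are trusted
	}
	ap, err := netip.ParseAddrPort(peer.String())
	if err != nil {
		return "REJECT", err // fail closed when the peer address cannot be parsed
	}
	for _, p := range deny {
		if p.Contains(ap.Addr()) {
			return "REJECT", nil
		}
	}
	for _, p := range allow {
		if p.Contains(ap.Addr()) {
			return "USE", nil
		}
	}
	return fallback, nil // in neither list: FallbackPolicy applies
}

func main() {
	// Constructed sample: a load-balancer subnet is allowed, one host in it is denied.
	allow := []netip.Prefix{netip.MustParsePrefix("10.0.0.0/24")}
	deny := []netip.Prefix{netip.MustParsePrefix("10.0.0.66/32")}
	peers := []net.Addr{
		&net.TCPAddr{IP: net.ParseIP("10.0.0.5"), Port: 40000},
		&net.TCPAddr{IP: net.ParseIP("10.0.0.66"), Port: 40001},
		&net.TCPAddr{IP: net.ParseIP("203.0.113.9"), Port: 40002},
		&net.UnixAddr{Name: "/run/caddy.sock", Net: "unix"},
	}
	for _, p := range peers {
		pol, err := decide(p, allow, deny, "IGNORE")
		fmt.Printf("%-22s -> %s (err=%v)\n", p, pol, err)
	}
}
```

With the default fallback of IGNORE, a peer outside both lists can still send a PROXY header, but the address in it is not used.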

Policy

This type doesn't have documentation.

Field name Field type Comment
type

int

No comment on field.

Functions

func (*ListenerWrapper) Provision

Provision sets up the listener wrapper.

Uses: goproxy.ConnPolicyOptions, goproxy.Policy, goproxy.REJECT, goproxy.USE, net.SplitHostPort, netip.ParseAddr, netip.ParsePrefix.

func (*ListenerWrapper) UnmarshalCaddyfile

UnmarshalCaddyfile sets up the ListenerWrapper from Caddyfile tokens. Syntax:

proxy_protocol {
	timeout <duration>
	allow <IPs...>
	deny <IPs...>
	fallback_policy <policy>
}

func (*ListenerWrapper) WrapListener

WrapListener adds PROXY protocol support to the listener.

Uses: goproxy.Listener, time.Duration.

func (*Policy) UnmarshalText

UnmarshalText implements the text unmarshaller method.

func (ListenerWrapper) CaddyModule

func (Policy) MarshalText

MarshalText implements the text marshaller method.

Private functions

func init

func parsePolicy

References: fmt.Errorf, strings.ToUpper.