Re: [PATCH] Add support for Proxy Protocol to mail SMTP

Maxim Vladimirsky
November 03, 2016 01:42PM
Thanks for the quick response. See my comment below:

On Thu, Nov 3, 2016 at 10:13 AM, Maxim Dounin <mdounin@mdounin.ru> wrote:

> Hello!
>
> On Thu, Nov 03, 2016 at 09:41:03AM -0700, Maxim Vladimirsky wrote:
>
> > Hi Folks,
> >
> > I was not sure if you would be interested in this, but decided to run it by
> > you anyway.
> >
> > We need to run Nginx as an SMTP proxy sitting behind ELB in AWS, but we
> > also want the upstream SMTP server to get the real client ip, so Nginx is
> > configured to provide it via an XCLIENT command. However the stock version
> > of Nginx provides ELB's ip instead, because it does not recognize the Proxy
> > Protocol header (http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html#proxy-protocol) sent to it by ELB.
>
> Seems to be perfectly valid use case.
>
> > The following patch updates the mail module so that it can be configured to
> > expect Proxy Protocol header by setting `proxy_protocol on`. In that case
> > Proxy Protocol header is parsed, a client IP is retrieved and passed to an
> > SMTP upstream in an XCLIENT command.
>
> The "proxy_protocol on" is expected to configure sending PROXY
> protocol to an upstream server, similar to how it already works in
> the stream module:
>
> http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_protocol
>
> Accepting PROXY protocol from clients is expected to be enabled
> using a listening socket option instead, similar to what we have
> in http and stream modules:
>
> http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
> http://nginx.org/en/docs/stream/ngx_stream_core_module.html#listen


I will fix that.


>
>
> Open question is how it should work though. I.e., if it should
> just unconditionally set provided address as a client one, similar
> to how
>
> listen 80 proxy_protocol;
> real_ip_header proxy_protocol;
> set_real_ip_from 0.0.0.0/0;
>
> works in stream / http, or there should be some advanced control
> like the realip module in stream / http.
>

Taking ip from Proxy Protocol header and passing it via XCLIENT is really
all we need, and I cannot even think of a scenario where we would need any
kind of fine tuning of this logic. So this is probably a question to a
broader audience.


>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
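
The open question in this thread (take the PROXY header address unconditionally, or only from trusted peers) sketched as an added example; it is not code from the patch or from nginx. It strictly parses a PROXY protocol v1 line, narrowed to TCP4, and builds the XCLIENT line; the function names and the single trusted-CIDR parameter are assumptions.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1 if IPv4 string `ip` lies inside net/bits, else 0 (also on bad input). */
static int in_cidr4(const char *ip, const char *net, int bits)
{
    struct in_addr a, n;
    uint32_t mask;
    if (bits < 0 || bits > 32 || inet_pton(AF_INET, ip, &a) != 1
        || inet_pton(AF_INET, net, &n) != 1)
        return 0;
    mask = bits ? 0xFFFFFFFFu << (32 - bits) : 0;
    return (ntohl(a.s_addr) & mask) == (ntohl(n.s_addr) & mask);
}

/* Strictly parse "PROXY TCP4 src dst sport dport\r\n"; 0 on success. */
static int parse_proxy_v1(const char *line, char src[INET_ADDRSTRLEN])
{
    char dst[INET_ADDRSTRLEN], canon[108];
    unsigned sport, dport;
    struct in_addr tmp;
    if (sscanf(line, "PROXY TCP4 %15s %15s %5u %5u", src, dst, &sport, &dport) != 4)
        return -1;
    if (inet_pton(AF_INET, src, &tmp) != 1 || inet_pton(AF_INET, dst, &tmp) != 1
        || sport > 65535 || dport > 65535)
        return -1;
    /* Re-serialise and compare: rejects extra spaces, signs, leading
       zeros, trailing bytes and a missing CRLF in one step. */
    snprintf(canon, sizeof canon, "PROXY TCP4 %s %s %u %u\r\n", src, dst, sport, dport);
    return strcmp(canon, line) == 0 ? 0 : -1;
}

/* Hypothetical helper: build the XCLIENT line for the upstream. `peer` is
   the TCP peer (the load balancer); the header's address is used only when
   that peer is inside trusted_net/bits. Returns 0, or -1 to drop the session. */
int build_xclient(const char *peer, const char *trusted_net, int bits,
                  const char *line, char *out, size_t outlen)
{
    char src[INET_ADDRSTRLEN];
    int n;
    if (parse_proxy_v1(line, src) != 0)
        return -1;                       /* listener expects the header */
    n = snprintf(out, outlen, "XCLIENT ADDR=%s\r\n",
                 in_cidr4(peer, trusted_net, bits) ? src : peer);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}
```

Passing `0.0.0.0` with 0 bits as the trusted network reproduces the unconditional behaviour; a narrower range keeps a client that connects directly from choosing the address reported upstream.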