You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "ouvtam (Jira)" <se...@james.apache.org> on 2022/08/17 12:28:00 UTC

[jira] [Comment Edited] (JAMES-3788) Support for HAProxy Proxy Protocol

    [ https://issues.apache.org/jira/browse/JAMES-3788?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17575061#comment-17575061 ] 

ouvtam edited comment on JAMES-3788 at 8/17/22 12:27 PM:
---------------------------------------------------------

I started implementing proxy support on netty level by adding netty's HAProxyMessageDecoder. Since HAProxyMessageDecoder requires netty 4.x it will be only available for James 3.8.x.

One issue I'm currently facing is HAProxyMessageDecoder throws an exception if no PROXY command was issued. This would mean if you enable proxy support, then it's currently not possible to talk directly to James. I will solve that.

I think nginx does not use the same proxy protocol rather an HTTP-ish protocol (see [https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/#setting-up-authentication-for-a-mail-proxy]).

Regarding traefik I think we are lucky (see [https://github.com/traefik/traefik/pull/7320|https://github.com/traefik/traefik/pull/7320]). 


was (Author: JIRAUSER291242):
I started implementing proxy support on netty level by adding netty's HAProxyMessageDecoder. Since HAProxyMessageDecoder requires netty 4.x it will be only available for James 3.8.x.

One issue I'm currently facing is HAProxyMessageDecoder throws an exception if no PROXY command was issued. This would mean if you enable proxy support, then it's currently not possible to talk directly to James. I will solve that.

I think nginx does not use the same proxy protocol rather an HTTP-ish protocol (see [https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/#setting-up-authentication-for-a-mail-proxy).]

Regarding traefik I think we are lucky (see [https://github.com/traefik/traefik/pull/7320).] 

> Support for HAProxy Proxy Protocol
> ----------------------------------
>
>                 Key: JAMES-3788
>                 URL: https://issues.apache.org/jira/browse/JAMES-3788
>             Project: James Server
>          Issue Type: New Feature
>          Components: protocols
>            Reporter: ouvtam
>            Priority: Minor
>          Time Spent: 2h 40m
>  Remaining Estimate: 0h
>
> As proposed in the gitter channel I would like to add support for HAProxy's PROXY protocol ([https://www.haproxy.org/download/2.7/doc/proxy-protocol.txt|https://www.haproxy.org/download/2.7/doc/proxy-protocol.txt).]).
> This allows to run James behind HAProxy (i.e. load balancing multiple James instances). In order to properly support the proxy protocol James needs to parse the provided PROXY arguments from HAProxy (remote ip address, remote port etc.) and store it in the SMTPSession for further processing (e.g. DNSRBL check, Authorized Networks etc.). Otherwise James uses HAProxy's address (e.g. localhost) as remote address.
> For instance, HAProxy sends following line after connecting:
> {code:java}
> "PROXY TCP4 255.255.255.255 255.255.255.255 65535 65535\r\n" {code}
> Netty already provides a codec for HAProxy's protocol (io.netty.handler.codec.haproxy), so this can be implemented in the transport layer of James.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org