You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Goldstein Lyor (JIRA)" <ji...@apache.org> on 2016/02/26 06:22:18 UTC

[jira] [Commented] (SSHD-656) Support The PROXY protocol

    [ https://issues.apache.org/jira/browse/SSHD-656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15168459#comment-15168459 ] 

Goldstein Lyor commented on SSHD-656:
-------------------------------------

Feel free to go ahead and publish a pull request for it - see https://github.com/apache/mina-sshd/commit/ec56d2ab6c0a0923d8310976530e7c8bf1144d13 for a mechanism I added for this very purpose. Basically, you need to write a _ClientProxyConnector_ and _ServerProxyAcceptor_ that implement the protocol you describe. If you do go ahead with this, then please open a *separate* module folder for it - e.g., _sshd-haproxy_ (similar to _sshd-ldap_) since this is a "plugin" that one can use rather than a core feature.

> Support The PROXY protocol
> --------------------------
>
>                 Key: SSHD-656
>                 URL: https://issues.apache.org/jira/browse/SSHD-656
>             Project: MINA SSHD
>          Issue Type: New Feature
>            Reporter: Eugene Petrenko
>            Priority: Minor
>
> Load Balancing and other higher availability services are included between client and SSHD server and works on TCP level. This makes an actual client address shown in the SSHD server to be a load balancer address, not a real client address. This makes it hard to use SSHD for multi-node production scenarios. 
>  
> There are several ways to solve the issue.
> The first one is to include complex TCP routing to have specific packets delivered correctly. This is too hard to setup
> It looks like using {{The PROXY Protocol}} is the possible, easy and more or less standard way to pass actual client/server addresses to the server over TCP.  The protocol is  implemented by a number of TCP-based servers (including nginx, Amazon Load Balancer, Apache, github enterprise, see the link below for details)
> Protocol specification is here 
> http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)