You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/08/15 22:37:00 UTC

[jira] [Work logged] (ARTEMIS-3915) Support Proxy protocol (HAProxy) on Artemis acceptors

     [ https://issues.apache.org/jira/browse/ARTEMIS-3915?focusedWorklogId=800753&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-800753 ]

ASF GitHub Bot logged work on ARTEMIS-3915:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 15/Aug/22 22:36
            Start Date: 15/Aug/22 22:36
    Worklog Time Spent: 10m 
      Work Description: rtista opened a new pull request, #4179:
URL: https://github.com/apache/activemq-artemis/pull/4179

   Hey guys,
   
   As discussed in a thread on the developers mailing list, I've created [ARTEMIS-3915](https://issues.apache.org/jira/browse/ARTEMIS-3915) and have started developing support for HAProxy PROXY protocol on Artemis acceptors.
   
   I think I've modified all the right places, and the changes are fairly simple to review, I'm a bit unsure about the channel pipeline modification, but I think it makes sense for the PROXY protocol handler, if configured, to be the first in the pipeline as it represents the frontier protocol, sicne any other handler will need the packets to first be decoded from PROXY protocol into something else that they understand.
   
   My work is mostly based on the [examples from Netty](https://github.com/netty/netty/blob/4.1/example/src/main/java/io/netty/example/haproxy/HAProxyServer.java#L59).
   
   However I have some doubts:
   1. Is there any way to run the broker locally, so I can test the workflow with an HAProxy local instance (i.e. docker)?
   2. Which kind of tests should I develop for this change? I've noticed the NettyAcceptorTest.java class (and the createServer() function) which I think allows me to start a broker instance with PROXY protocol enabled configured acceptors, but I'm unsure of how to send PROXY protocol encoded messages to each of the acceptors and validate the correct operation of the broker. Below is a sketch of what I've locally added to the test class:
   
   ```java
   @Test
   public void testHAProxyProxyProtocolConfiguration() throws Exception {
   
       // Create ActiveMQ Server
       ActiveMQServer server = createServer(false, createDefaultInVMConfig());
   
       // Add all supported acceptors with proxy protocol option enabled
       server.getConfiguration().addAcceptorConfiguration("mqtt", "tcp://127.0.0.1:1883?proxyProtocolEnabled=true");
       server.getConfiguration().addAcceptorConfiguration("hornetq", "tcp://127.0.0.1:5445?proxyProtocolEnabled=true");
       server.getConfiguration().addAcceptorConfiguration("amqp", "tcp://127.0.0.1:5672?proxyProtocolEnabled=true");
       server.getConfiguration().addAcceptorConfiguration("stomp", "tcp://127.0.0.1:61613?proxyProtocolEnabled=true");
       server.getConfiguration().addAcceptorConfiguration("openwire", "tcp://127.0.0.1:61616?proxyProtocolEnabled=true");
   
       // Start the server
       server.start();
   
       // TODO: Send packets into each of the configured protocol acceptors
   }
   ```
   I still intend to add some documentation about the this theme, and maybe an example of a cluster deployed with an HAProxy instance which should be of great aid to new users which require a robust high availability solution, but I'd like to first close the implementation details.




Issue Time Tracking
-------------------

            Worklog Id:     (was: 800753)
    Remaining Estimate: 0h
            Time Spent: 10m

> Support Proxy protocol (HAProxy) on Artemis acceptors
> -----------------------------------------------------
>
>                 Key: ARTEMIS-3915
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3915
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: Broker
>            Reporter: João Santos
>            Priority: Minor
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> [HAProxy|http://www.haproxy.org/] is a widely known and used TCP Load Balancer and especially useful for an ActiveMQ Artemis clustered environment.
> Although possible to functionally implement with both products current features, Artemis does not support the PROXY protocol, which prevents it's broker nodes from inferring the real remote client IP address when behind an HAProxy instance.
> Since Netty sockets implementation already seems to support this protocol (discussed w/ [~jbertram] on DEV mailing list), it shouldn't be a big leap to adding support for the protocol on Artemis acceptors, thus improving the deployment of the use case at hand.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)