Add support for proxy_protocol in proxy_hosts and streams

Closes #1114
Related To #1882
Related To #3537
Related To #3618

Co-authored-by: jwklijnsma <janwiebe@janwiebe.eu>
Co-authored-by: SBado <16034687+SBado@users.noreply.github.com>

backend/templates/_listen.conf

@@ -1,20 +1,34 @@
-  listen 80;
-{% if ipv6 -%}
-  listen [::]:80;
+
+{% if proxy_protocol_enabled == 1 or proxy_protocol_enabled == true -%}
+{% assign port_number_http = "88" -%}
+{% assign port_number_https = "444" -%}
+{% assign listen_extra_args = "proxy_protocol" -%}
 {% else -%}
-  #listen [::]:80;
-{% endif %}
+{% assign port_number_http = "80" -%}
+{% assign port_number_https = "443" -%}
+{% assign listen_extra_args = "" -%}
+{% endif -%}
+
+  listen {{ port_number_http }} {{ listen_extra_args }};
+{% if ipv6 -%}
+  listen [::]:{{ port_number_http }} {{ listen_extra_args }};
+{% else -%}
+  #listen [::]:{{ port_number_http }} {{ listen_extra_args }};
+{% endif -%}
+
 {% if certificate -%}
-  listen 443 ssl;
+{% capture listen_extra_args_https %}ssl {{ listen_extra_args }}{% endcapture -%}
+  listen {{ port_number_https }} {{ listen_extra_args_https }};
 {% if ipv6 -%}
-  listen [::]:443 ssl;
+  listen [::]:{{ port_number_https }} {{ listen_extra_args_https }};
 {% else -%}
-  #listen [::]:443;
-{% endif %}
-{% endif %}
+  #listen [::]:{{ port_number_https }} {{ listen_extra_args_https }};
+{% endif -%}
+{% endif -%}
+
   server_name {{ domain_names | join: " " }};
 {% if http2_support == 1 or http2_support == true %}
   http2 on;
 {% else -%}
   http2 off;
-{% endif %}
+{% endif %}

backend/templates/_proxy_protocol.conf

@@ -0,0 +1,6 @@
+{% if proxy_protocol_enabled == 1 or proxy_protocol_enabled == true %}
+{% if loadbalancer_address != '' %}
+  set_real_ip_from {{ loadbalancer_address }};
+  real_ip_header proxy_protocol;
+{% endif %}
+{% endif %}

backend/templates/proxy_host.conf

@@ -15,6 +15,7 @@ server {
 {% include "_exploits.conf" %}
 {% include "_hsts.conf" %}
 {% include "_forced_ssl.conf" %}
+{% include "_proxy_protocol.conf" %}
 
 {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
 proxy_set_header Upgrade $http_upgrade;

backend/templates/stream.conf

@@ -1,31 +1,38 @@
 # ------------------------------------------------------------
 # {{ incoming_port }} TCP: {{ tcp_forwarding }} UDP: {{ udp_forwarding }}
 # ------------------------------------------------------------
+{% if proxy_protocol_enabled == 1 or proxy_protocol_enabled == true -%}
+{% capture listen_extra_args %}proxy_protocol{% endcapture -%}
+{% endif -%}
 
 {% if enabled %}
 {% if tcp_forwarding == 1 or tcp_forwarding == true -%}
 server {
-  listen {{ incoming_port }};
+  listen {{ incoming_port }} {{ listen_extra_args }};
 {% if ipv6 -%}
-  listen [::]:{{ incoming_port }};
+  listen [::]:{{ incoming_port }} {{ listen_extra_args }};
 {% else -%}
-  #listen [::]:{{ incoming_port }};
+  #listen [::]:{{ incoming_port }}{{ listen_extra_args }};
 {% endif %}
 
   proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
 
+{% include '_proxy_protocol.conf' %}
+
   # Custom
   include /data/nginx/custom/server_stream[.]conf;
   include /data/nginx/custom/server_stream_tcp[.]conf;
 }
 {% endif %}
 {% if udp_forwarding == 1 or udp_forwarding == true %}
+{% # Proxy Protocol is not supported for UDP %}
+{% assign listen_extra_args = "" %}
 server {
-  listen {{ incoming_port }} udp;
+  listen {{ incoming_port }} udp {{ listen_extra_args }};
 {% if ipv6 -%}
-  listen [::]:{{ incoming_port }} udp;
+  listen [::]:{{ incoming_port }} udp {{ listen_extra_args }};
 {% else -%}
-  #listen [::]:{{ incoming_port }} udp;
+  #listen [::]:{{ incoming_port }} udp {{ listen_extra_args }};
 {% endif %}
   proxy_pass {{ forwarding_host }}:{{ forwarding_port }};