ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-21 00:17:38 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

add PROXY to stream hosts.

Browse Source
This commit is contained in:
baudneo
2022-10-10 13:59:59 -06:00
parent b8978cb955
commit 5970b74321
11 changed files with 170 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
backend/internal/nginx.js
View File

@@ -158,6 +158,9 @@ const internalNginx = {
let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id}, let locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id},
{ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits}, {ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits},
{allow_websocket_upgrade: host.allow_websocket_upgrade}, {enable_proxy_protocol: host.enable_proxy_protocol}, {allow_websocket_upgrade: host.allow_websocket_upgrade}, {enable_proxy_protocol: host.enable_proxy_protocol},
{stream_enable_proxy_protocol: host.stream_enable_proxy_protocol},
{stream_allow_proxy_protocol: host.stream_allow_proxy_protocol},
{stream_load_balancer_ip: host.stream_load_balancer_ip},
{load_balancer_ip: host.load_balancer_ip}, {http2_support: host.http2_support}, {load_balancer_ip: host.load_balancer_ip}, {http2_support: host.http2_support},
{hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list}, {hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list},
{certificate: host.certificate}, host.locations[i]); {certificate: host.certificate}, host.locations[i]);

12
backend/migrations/22021009153423_proxy_protocol.js
View File

@@ -12,15 +12,21 @@ const logger = require('../logger').migrate;
*/ */
exports.up = function (knex/*, Promise*/) { exports.up = function (knex/*, Promise*/) {
logger.info('[' + migrate_name + '] Migrating Up...'); logger.info('[' + migrate_name + '] Migrating Up...');
let ret = knex.schema.table('proxy_host', function (proxy_host) {
return knex.schema.table('proxy_host', function (proxy_host) {
proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0); proxy_host.integer('enable_proxy_protocol').notNull().unsigned().defaultTo(0);
proxy_host.string('load_balancer_ip').notNull().defaultTo(''); proxy_host.string('load_balancer_ip').notNull().defaultTo('');
}) })
.then(() => { .then(() => {
logger.info('[' + migrate_name + '] proxy_host Table altered - PROXY protocol added'); logger.info('[' + migrate_name + '] proxy_host Table altered - PROXY protocol added');
}).catch((err) => {
logger.error('[' + migrate_name + '] Error migrating up: ' + err);
ret = Promise.resolve(true);
}); });
if (!ret) {
logger.error('[' + migrate_name + '] ERROR MIGRATING UP');
ret = Promise.resolve(true);
}
return ret;
}; };
/** /**

49
backend/migrations/22021010135303_stream_proxy_protocol.js Normal file
View File

@@ -0,0 +1,49 @@
const migrate_name = 'stream_proxy_protocol';
const logger = require('../logger').migrate;
/**
* Migrate
*
* @see http://knexjs.org/#Schema
*
* @param {Object} knex
* @param {Promise} Promise
* @returns {Promise}
*/
exports.up = function (knex/*, Promise*/) {
logger.info('[' + migrate_name + '] Migrating Up...');
let ret = knex.schema.table('stream', function (stream) {
stream.integer('stream_enable_proxy_protocol').notNull().unsigned().defaultTo(0);
stream.integer('stream_access_proxy_protocol').notNull().unsigned().defaultTo(0);
stream.string('stream_load_balancer_ip').notNull().defaultTo('');
})
.then(() => {
logger.info('[' + migrate_name + '] stream Table altered - PROXY protocol added');
}).catch((err) => {
logger.error('[' + migrate_name + '] Error migrating up: ' + err);
});
if (!ret) {
logger.error('[' + migrate_name + '] ERROR MIGRATING UP');
}
};
/**
* Undo Migrate
*
* @param {Object} knex
* @param {Promise} Promise
* @returns {Promise}
*/
exports.down = function (knex/*, Promise*/) {
return knex.schema.table('stream', (stream) => {
stream.dropColumn('stream_enable_proxy_protocol');
stream.dropColumn('stream_access_proxy_protocol');
stream.dropColumn('stream_load_balancer_ip');
})
.then(function () {
logger.info('[' + migrate_name + '] MIGRATING DOWN stream Table altered - PROXY protocol removed');
});
// logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
// return Promise.resolve(true);
};

3
backend/schema/endpoints/proxy-hosts.json
View File

@@ -59,11 +59,12 @@
"type": "boolean" "type": "boolean"
}, },
"enable_proxy_protocol": { "enable_proxy_protocol": {
"description": "Enable PROXY Protocol support", "description": "Enable PROXY Protocol support (Pass through)",
"example": true, "example": true,
"type": "boolean" "type": "boolean"
}, },
"load_balancer_ip": { "load_balancer_ip": {
"description": "Authorized TCP Load Balancer IP / CIDR for setting 'set_real_ip_from'",
"type": "string", "type": "string",
"minLength": 0, "minLength": 0,
"maxLength": 255 "maxLength": 255

51
backend/schema/endpoints/streams.json
View File

@@ -46,6 +46,22 @@
"udp_forwarding": { "udp_forwarding": {
"type": "boolean" "type": "boolean"
}, },
"stream_enable_proxy_protocol": {
"description": "Enable PROXY Protocol creation and override",
"example": true,
"type": "boolean"
},
"stream_allow_proxy_protocol": {
"description": "Enable PROXY Protocol passthrough",
"example": true,
"type": "boolean"
},
"stream_load_balancer_ip": {
"description": "Authorized TCP Load Balancer IP / CIDR for setting 'set_real_ip_from'",
"type": "string",
"minLength": 0,
"maxLength": 255
},
"enabled": { "enabled": {
"$ref": "../definitions.json#/definitions/enabled" "$ref": "../definitions.json#/definitions/enabled"
}, },
@@ -78,6 +94,15 @@
"udp_forwarding": { "udp_forwarding": {
"$ref": "#/definitions/udp_forwarding" "$ref": "#/definitions/udp_forwarding"
}, },
"stream_allow_proxy_protocol": {
"$ref": "#/definitions/stream_allow_proxy_protocol"
},
"stream_enable_proxy_protocol": {
"$ref": "#/definitions/stream_enable_proxy_protocol"
},
"stream_load_balancer_ip": {
"$ref": "#/definitions/stream_load_balancer_ip"
},
"enabled": { "enabled": {
"$ref": "#/definitions/enabled" "$ref": "#/definitions/enabled"
}, },
@@ -88,7 +113,7 @@
"links": [ "links": [
{ {
"title": "List", "title": "List",
"description": "Returns a list of Steams", "description": "Returns a list of Streams",
"href": "/nginx/streams", "href": "/nginx/streams",
"access": "private", "access": "private",
"method": "GET", "method": "GET",
@@ -137,6 +162,15 @@
"udp_forwarding": { "udp_forwarding": {
"$ref": "#/definitions/udp_forwarding" "$ref": "#/definitions/udp_forwarding"
}, },
"stream_allow_proxy_protocol": {
"$ref": "#/definitions/stream_allow_proxy_protocol"
},
"stream_enable_proxy_protocol": {
"$ref": "#/definitions/stream_enable_proxy_protocol"
},
"stream_load_balancer_ip": {
"$ref": "#/definitions/stream_load_balancer_ip"
},
"meta": { "meta": {
"$ref": "#/definitions/meta" "$ref": "#/definitions/meta"
} }
@@ -177,6 +211,15 @@
"udp_forwarding": { "udp_forwarding": {
"$ref": "#/definitions/udp_forwarding" "$ref": "#/definitions/udp_forwarding"
}, },
"stream_allow_proxy_protocol": {
"$ref": "#/definitions/stream_allow_proxy_protocol"
},
"stream_enable_proxy_protocol": {
"$ref": "#/definitions/stream_enable_proxy_protocol"
},
"stream_load_balancer_ip": {
"$ref": "#/definitions/stream_load_balancer_ip"
},
"meta": { "meta": {
"$ref": "#/definitions/meta" "$ref": "#/definitions/meta"
} }
@@ -190,7 +233,7 @@
}, },
{ {
"title": "Delete", "title": "Delete",
"description": "Deletes a existing Stream", "description": "Deletes an existing Stream",
"href": "/nginx/streams/{definitions.identity.example}", "href": "/nginx/streams/{definitions.identity.example}",
"access": "private", "access": "private",
"method": "DELETE", "method": "DELETE",
@@ -204,7 +247,7 @@
}, },
{ {
"title": "Enable", "title": "Enable",
"description": "Enables a existing Stream", "description": "Enables an existing Stream",
"href": "/nginx/streams/{definitions.identity.example}/enable", "href": "/nginx/streams/{definitions.identity.example}/enable",
"access": "private", "access": "private",
"method": "POST", "method": "POST",
@@ -218,7 +261,7 @@
}, },
{ {
"title": "Disable", "title": "Disable",
"description": "Disables a existing Stream", "description": "Disables an existing Stream",
"href": "/nginx/streams/{definitions.identity.example}/disable", "href": "/nginx/streams/{definitions.identity.example}/disable",
"access": "private", "access": "private",
"method": "POST", "method": "POST",

5
backend/templates/_stream_proxy_protocol.conf Normal file
View File

@@ -0,0 +1,5 @@
{%if stream_allow_proxy_protocol == 1 or stream_allow_proxy_protocol == true %}
{% if stream_load_balancer_ip != '' %}
set_real_ip_from {{ stream_load_balancer_ip }};
{% endif %}
{% endif %}

9
backend/templates/stream.conf
View File

@@ -5,13 +5,16 @@
{% if enabled %} {% if enabled %}
{% if tcp_forwarding == 1 or tcp_forwarding == true -%} {% if tcp_forwarding == 1 or tcp_forwarding == true -%}
server { server {
listen {{ incoming_port }}; listen {{ incoming_port }}{% if stream_allow_proxy_protocol == 1 or stream_allow_proxy_protocol == true%} proxy_protocol{% endif %};
{% if ipv6 -%} {% if ipv6 -%}
listen [::]:{{ incoming_port }}; listen [::]:{{ incoming_port }}{% if stream_allow_proxy_protocol == 1 or stream_allow_proxy_protocol == true%} proxy_protocol{% endif %};
{% else -%} {% else -%}
#listen [::]:{{ incoming_port }}; #listen [::]:{{ incoming_port }};
{% endif %} {% endif %}
{%if stream_enable_proxy_protocol == 1 or stream_enable_proxy_protocol == true%}
proxy_protocol on;
{% endif %}
{% include '_stream_proxy_protocol.conf' %}
proxy_pass {{ forwarding_host }}:{{ forwarding_port }}; proxy_pass {{ forwarding_host }}:{{ forwarding_port }};
# Custom # Custom

26
frontend/js/app/nginx/stream/form.ejs
View File

@@ -42,6 +42,32 @@
</label> </label>
</div> </div>
</div> </div>
<div class="col-sm-6 col-md-6">
<div class="form-group">
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="stream_enable_proxy_protocol" value="1"<%- stream_enable_proxy_protocol ? ' checked' : '' %>>
<span class="custom-switch-indicator"></span>
<span class="custom-switch-description"><%- i18n('streams', 'enable_proxy_protocol') %><a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#proxy-protocol-for-a-tcp-connection-to-an-upstream" target="_blank"><i class="fe fe-help-circle"></i></a></span>
</label>
</div>
</div>
<div class="col-sm-6 col-md-6">
<div class="form-group">
<label class="custom-switch">
<input type="checkbox" class="custom-switch-input" name="stream_allow_proxy_protocol" value="1"<%- stream_allow_proxy_protocol ? ' checked' : '' %>>
<span class="custom-switch-indicator"></span>
<span class="custom-switch-description"><%- i18n('streams', 'allow_proxy_protocol') %> <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#introduction" target="_blank"><i class="fe fe-help-circle"></i></a></span>
</label>
</div>
</div>
<div class="col-sm-12 col-md-12">
<div class="form-group">
<label class="form-label"><%- i18n('streams', 'load-balancer-ip') %> <a href="https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#changing-the-load-balancers-ip-address-to-the-client-ip-address" target="_blank"><i class="fe fe-help-circle"></i></a></label>
<input type="text" name="stream_load_balancer_ip" class="form-control text-monospace" placeholder="" value="<%- stream_load_balancer_ip %>" autocomplete="off" maxlength="255" <%- stream_allow_proxy_protocol ? '' : ' disabled' %>>
</div>
</div>
<div class="col-sm-12 col-md-12"> <div class="col-sm-12 col-md-12">
<div class="forward-type-error invalid-feedback"><%- i18n('streams', 'forward-type-error') %></div> <div class="forward-type-error invalid-feedback"><%- i18n('streams', 'forward-type-error') %></div>
</div> </div>

15
frontend/js/app/nginx/stream/form.js
View File

@@ -18,13 +18,23 @@ module.exports = Mn.View.extend({
buttons: '.modal-footer button', buttons: '.modal-footer button',
switches: '.custom-switch-input', switches: '.custom-switch-input',
cancel: 'button.cancel', cancel: 'button.cancel',
save: 'button.save' save: 'button.save',
stream_allow_proxy_protocol: 'input[name="stream_allow_proxy_protocol"]',
stream_enable_proxy_protocol: 'input[name="stream_enable_proxy_protocol"]',
stream_load_balancer_ip: 'input[name="stream_load_balancer_ip"]'
}, },
events: { events: {
'change @ui.switches': function () { 'change @ui.switches': function () {
this.ui.type_error.hide(); this.ui.type_error.hide();
}, },
'change @ui.stream_allow_proxy_protocol': function () {
let checked = this.ui.stream_allow_proxy_protocol.prop('checked');
this.ui.stream_load_balancer_ip
.prop('disabled', !checked)
.parents('.form-group')
.css('opacity', checked ? 1 : 0.5);
},
'click @ui.save': function (e) { 'click @ui.save': function (e) {
e.preventDefault(); e.preventDefault();
@@ -47,6 +57,8 @@ module.exports = Mn.View.extend({
data.forwarding_port = parseInt(data.forwarding_port, 10); data.forwarding_port = parseInt(data.forwarding_port, 10);
data.tcp_forwarding = !!data.tcp_forwarding; data.tcp_forwarding = !!data.tcp_forwarding;
data.udp_forwarding = !!data.udp_forwarding; data.udp_forwarding = !!data.udp_forwarding;
data.stream_enable_proxy_protocol = !!data.stream_enable_proxy_protocol;
data.stream_allow_proxy_protocol = !!data.stream_allow_proxy_protocol;
let method = App.Api.Nginx.Streams.create; let method = App.Api.Nginx.Streams.create;
let is_new = true; let is_new = true;
@@ -82,3 +94,4 @@ module.exports = Mn.View.extend({
} }
} }
}); });

9
frontend/js/i18n/messages.json
View File

@@ -134,8 +134,8 @@
"ignore-invalid-upstream-ssl": "Ignore Invalid SSL", "ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
"custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path/", "custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path/",
"search": "Search Host…", "search": "Search Host…",
"enable-proxy-protocol": "Enable PROXY Protocol", "enable-proxy-protocol": "Allow PROXY Protocol (Pass through)",
"load-balancer-ip": "Load balancer or TCP proxy IP / CIDR range " "load-balancer-ip": "AUTHORIZED Load balancer or TCP proxy IP / CIDR range"
}, },
"redirection-hosts": { "redirection-hosts": {
"title": "Redirection Hosts", "title": "Redirection Hosts",
@@ -181,7 +181,10 @@
"delete-confirm": "Are you sure you want to delete this Stream?", "delete-confirm": "Are you sure you want to delete this Stream?",
"help-title": "What is a Stream?", "help-title": "What is a Stream?",
"help-content": "A relatively new feature for Nginx, a Stream will serve to forward TCP/UDP traffic directly to another computer on the network.\nIf you're running game servers, FTP or SSH servers this can come in handy.", "help-content": "A relatively new feature for Nginx, a Stream will serve to forward TCP/UDP traffic directly to another computer on the network.\nIf you're running game servers, FTP or SSH servers this can come in handy.",
"search": "Search Incoming Port…" "search": "Search Incoming Port…",
"allow-proxy-protocol": "Allow PROXY Protocol (Pass through)",
"enable-proxy-protocol": "Enable PROXY Protocol (Create and override PROXY protocol instead of passing through)",
"load-balancer-ip": "AUTHORIZED Load balancer or TCP proxy IP / CIDR range"
}, },
"certificates": { "certificates": {
"title": "SSL Certificates", "title": "SSL Certificates",

3
frontend/js/models/stream.js
View File

@@ -13,6 +13,9 @@ const model = Backbone.Model.extend({
forwarding_port: null, forwarding_port: null,
tcp_forwarding: true, tcp_forwarding: true,
udp_forwarding: false, udp_forwarding: false,
stream_allow_proxy_protocol: false,
stream_enable_proxy_protocol: false,
stream_load_balancer_ip: '',
enabled: true, enabled: true,
meta: {}, meta: {},
// The following are expansions: // The following are expansions: