PROXY Protocol support implementation

2025-08-16 22:06:51 +00:00 · 2022-02-23 11:32:39 +01:00
parent b6875487fd
commit ecb27521b4
10 changed files with 122 additions and 9 deletions
--- a/backend/templates/_listen.conf
+++ b/backend/templates/_listen.conf
@@ -1,15 +1,25 @@
+{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true%}
+  listen 88 proxy_protocol;
+{% if ipv6 -%}
+  listen [::]:88 proxy_protocol;
+{% endif %}  
+{% else -%}
  listen 80;
 {% if ipv6 -%}
  listen [::]:80;
-{% else -%}
-  #listen [::]:80;
+{% endif %}   
 {% endif %}
 {% if certificate -%}
+{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true%}
+  listen 444 ssl{% if http2_support %} http2{% endif %} proxy_protocol;
+{% if ipv6 -%}
+  listen [::]:444 ssl{% if http2_support %} http2{% endif %} proxy_protocol;
+{% endif %}
+{% else -%}
  listen 443 ssl{% if http2_support %} http2{% endif %};
 {% if ipv6 -%}
  listen [::]:443 ssl{% if http2_support %} http2{% endif %};
-{% else -%}
-  #listen [::]:443;
 {% endif %}
 {% endif %}
-  server_name {{ domain_names | join: " " }};
+{% endif %}
+  server_name {{ domain_names | join: " " }};
--- a/backend/templates/_proxy_protocol.conf
+++ b/backend/templates/_proxy_protocol.conf
@@ -0,0 +1,6 @@
+{% if enable_proxy_protocol == 1 or enable_proxy_protocol == true %}
+{% if load_balancer_ip != '' %}
+  set_real_ip_from {{ load_balancer_ip }};
+  real_ip_header proxy_protocol;
+{% endif %}
+{% endif %}
--- a/backend/templates/proxy_host.conf
+++ b/backend/templates/proxy_host.conf
@@ -12,6 +12,7 @@ server {
 {% include "_exploits.conf" %}
 {% include "_hsts.conf" %}
 {% include "_forced_ssl.conf" %}
+{% include "_proxy_protocol.conf" %}

 {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
 proxy_set_header Upgrade $http_upgrade;