Hi guys,

I've been looking into implementing the PROXY protocol[1] for Varnish 4. This has been discussed several times before; in particular it seems some consensus was found at VDD13Q4 in Berlin last year [2]. This was regarding the interface in terms of specifying the listening socket (-a) and the VCL *.ip bits. I was not present at this VDD myself, so I'd just like to discuss and perhaps get some verification as to what was agreed.

As for the -a listening argument, this ties into how it should be handled for HTTP/2. From reading the notes, the agreed-upon syntax was

    -a PROTO@IP:0

Is the PROTO@ part mandatory, or is there a fallback when it's left out (e.g. plain old '-a :80')? I think it makes most sense to have the fallback value be HTTP/1.1 that also supports HTTP/2 via Upgrade [3]. If we are also going to have a way of specifying the protocol to be exclusively HTTP/1 or HTTP/2 [4], we could use values 'http1' and 'http2' to denote that.

Further, a PROXY protocol listen socket is specified like this:

    -a [email protected]:8081

The PROXY implementation will hand over to the HTTP/1 FSM after processing the PROXY header. From my understanding the PROXY protocol is not specified for HTTP/2, so the connection here must stick with HTTP/1. Also, any incoming request on this interface not containing a valid PROXY header must be rejected.

As for the VCL bits, I'm very happy with what was agreed upon at VDD13Q4 (local.ip, remote.ip, client.ip, server.ip).

I don't see any mention of logging having been discussed, but I think it makes sense to have SessOpen use local.ip/remote.ip, while ReqStart should use server.ip/client.ip. varnishncsa will then use client.ip for logging the client host (%h).

Opinions, input, comments?

[1]: http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
[2]: https://www.varnish-cache.org/trac/wiki/VDD13Q4#PROXY
[3]: https://tools.ietf.org/html/draft-ietf-httpbis-http2-15#section-3.2
[4]: https://tools.ietf.org/html/draft-ietf-httpbis-http2-15#section-3.4

-- 
Dag Haavi Finstad
Software Developer | Varnish Software
Mobile: +47 476 64 134
We Make Websites Fly!

_______________________________________________
varnish-dev mailing list
[email protected]
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev
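
The message above requires that a PROXY listen socket reject any connection that does not start with a valid PROXY header, and that HTTP/1 processing take over after the header. The following C sketch is an added example, not part of the original message and not Varnish code: it strictly parses the human-readable version 1 header from the spec linked as [1]. The names proxy_addrs, parse_port and proxy_v1_parse are hypothetical, and the example is narrowed to TCP4/TCP6, rejecting everything else including the spec's UNKNOWN form.

```c
#include <sys/socket.h>
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>
#define PROXY_V1_MAX 107        /* longest v1 header, CRLF included, per [1] */

struct proxy_addrs {            /* hypothetical struct, not Varnish's */
    char client_ip[INET6_ADDRSTRLEN], server_ip[INET6_ADDRSTRLEN];
    unsigned client_port, server_port;
};

/* Decimal port 0..65535; rejects empty, signed or trailing-garbage input. */
static int parse_port(const char *s, unsigned *out)
{
    char *end;
    unsigned long v = strtoul(s, &end, 10);
    if (*s < '0' || *s > '9' || *end != '\0' || v > 65535)
        return -1;
    *out = (unsigned)v;
    return 0;
}

/* Returns the header length (HTTP/1 parsing starts at buf + that), or -1
 * when the connection must be rejected; *pa is valid only on success.
 * Assumption: the complete header arrived in the first read. */
int proxy_v1_parse(const char *buf, size_t len, struct proxy_addrs *pa)
{
    char line[PROXY_V1_MAX + 1], *f[7], *p, *crlf;
    unsigned char a[sizeof(struct in6_addr)];
    size_t n = len < PROXY_V1_MAX ? len : PROXY_V1_MAX;
    int nf = 0, af;
    memcpy(line, buf, n);
    line[n] = '\0';
    if ((crlf = strstr(line, "\r\n")) == NULL)
        return -1;              /* no CRLF within the first 107 bytes */
    *crlf = '\0';
    for (f[nf++] = p = line; *p != '\0' && nf < 7; p++)
        if (*p == ' ') {        /* fields are split on single spaces */
            *p = '\0';
            f[nf++] = p + 1;
        }
    if (nf != 6 || strcmp(f[0], "PROXY") != 0)
        return -1;              /* e.g. a plain HTTP request */
    af = !strcmp(f[1], "TCP4") ? AF_INET : !strcmp(f[1], "TCP6") ? AF_INET6 : -1;
    if (af == -1 || parse_port(f[4], &pa->client_port) || parse_port(f[5], &pa->server_port) ||
        inet_pton(af, f[2], a) != 1 || !inet_ntop(af, a, pa->client_ip, sizeof pa->client_ip) ||
        inet_pton(af, f[3], a) != 1 || !inet_ntop(af, a, pa->server_ip, sizeof pa->server_ip))
        return -1;
    return (int)(crlf - line) + 2;
}
```

In terms of the VCL names discussed above, client_ip and server_ip here correspond to what the header claims, while local.ip/remote.ip would still come from the socket itself.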
