mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-27 14:13:48 +03:00
docs: expand proxy protocol docs (#6620)
This commit is contained in:
parent
dd5decabe7
commit
c8a76d003f
1 changed files with 35 additions and 3 deletions
|
@ -25,7 +25,12 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
// ListenerWrapper provides PROXY protocol support to Caddy by implementing
|
// ListenerWrapper provides PROXY protocol support to Caddy by implementing
|
||||||
// the caddy.ListenerWrapper interface. It must be loaded before the `tls` listener.
|
// the caddy.ListenerWrapper interface. If a connection is received via Unix
|
||||||
|
// socket, it's trusted. Otherwise, it's checked against the Allow/Deny lists,
|
||||||
|
// then it's handled by the FallbackPolicy.
|
||||||
|
//
|
||||||
|
// It must be loaded before the `tls` listener because the PROXY protocol
|
||||||
|
// encapsulates the TLS data.
|
||||||
//
|
//
|
||||||
// Credit goes to https://github.com/mastercactapus/caddy2-proxyprotocol for having
|
// Credit goes to https://github.com/mastercactapus/caddy2-proxyprotocol for having
|
||||||
// initially implemented this as a plugin.
|
// initially implemented this as a plugin.
|
||||||
|
@ -45,8 +50,35 @@ type ListenerWrapper struct {
|
||||||
Deny []string `json:"deny,omitempty"`
|
Deny []string `json:"deny,omitempty"`
|
||||||
deny []netip.Prefix
|
deny []netip.Prefix
|
||||||
|
|
||||||
// Accepted values are: ignore, use, reject, require, skip
|
// FallbackPolicy specifies the policy to use if the downstream
|
||||||
// default: ignore
|
// IP address is not in the Allow list nor is in the Deny list.
|
||||||
|
//
|
||||||
|
// NOTE: The generated docs which describe the value of this
|
||||||
|
// field is wrong because of how this type unmarshals JSON in a
|
||||||
|
// custom way. The field expects a string, not a number.
|
||||||
|
//
|
||||||
|
// Accepted values are: IGNORE, USE, REJECT, REQUIRE, SKIP
|
||||||
|
//
|
||||||
|
// - IGNORE: address from PROXY header, but accept connection
|
||||||
|
//
|
||||||
|
// - USE: address from PROXY header
|
||||||
|
//
|
||||||
|
// - REJECT: connection when PROXY header is sent
|
||||||
|
// Note: even though the first read on the connection returns an error if
|
||||||
|
// a PROXY header is present, subsequent reads do not. It is the task of
|
||||||
|
// the code using the connection to handle that case properly.
|
||||||
|
//
|
||||||
|
// - REQUIRE: connection to send PROXY header, reject if not present
|
||||||
|
// Note: even though the first read on the connection returns an error if
|
||||||
|
// a PROXY header is not present, subsequent reads do not. It is the task
|
||||||
|
// of the code using the connection to handle that case properly.
|
||||||
|
//
|
||||||
|
// - SKIP: accepts a connection without requiring the PROXY header.
|
||||||
|
// Note: an example usage can be found in the SkipProxyHeaderForCIDR
|
||||||
|
// function.
|
||||||
|
//
|
||||||
|
// Default: IGNORE
|
||||||
|
//
|
||||||
// Policy definitions are here: https://pkg.go.dev/github.com/pires/go-proxyproto@v0.7.0#Policy
|
// Policy definitions are here: https://pkg.go.dev/github.com/pires/go-proxyproto@v0.7.0#Policy
|
||||||
FallbackPolicy Policy `json:"fallback_policy,omitempty"`
|
FallbackPolicy Policy `json:"fallback_policy,omitempty"`
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue