Hi Elazar,
Thanks for your response. Here is the network topology:
http://ibin.co/1h4dXaRPWCdW
Communication endpoints A and B are the mobile phone and public
interface of the load balancer respectively.
The ELB then forwards, at the TCP level, all incoming bytes in a
separate TCP connection established between endpoints C and D. Note
that C is the private IP of the ELB and D is the private IP of the
GoProxy instance.
As you can see above, GoProxy, or any software for that matter, at
endpoint D only sees the private IP/node C as the RemoteAddr().
To work around this common class of problem with load balancers +
proxies, the Proxy Protocol v1 is a HAProxy-devised (?) standard which
AWS ELBs do implement (ref [1]). The ELB adds some bytes to the first
few lines of the HTTP connection, which a supporting HTTP server or
proxy ought to be able to detect and parse.
An example preamble is "PROXY TCP4 198.51.100.22 203.0.113.7 35646 80\r\n"
Since Go's HTTP layer doesn't expect the above message and sends an
HTTP 400 Bad Request back, the GoProxy layer doesn't get to do any
work.
So my question is really if there are any straightforward ways to
"peek" into the TCP connection, parse this first line if present, and
hopefully also ensure that RemoteAddr() returns the real client's IP.
http.hijack() would be overkill for this need as it bypasses the
entire HTTP stack after a call to it.
Any pointers welcome.
Siddharth
[1] The Proxy Protocol v1 standard:
http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
--
Blackbuck Computing |
blackbuck.mobi |
twitter.com/blkbck |
+91-888-483-4186 |
+1-617-500-7576
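
One way to do what the message above asks, as an added example that is not part of the original post and is not GoProxy code: a net.Listener wrapper that consumes the Proxy Protocol v1 line before net/http reads the connection and reports the client address from RemoteAddr(). The names proxyConn, parseProxyV1 and proxyListener and the listen address are assumptions; the code assumes every connection comes from the load balancer with the header present, and the 107-byte cap is the maximum v1 line length given in the specification [1].

```go
package main

import (
	"bufio"
	"net"
	"net/http"
	"net/netip"
	"strings"
	"time"
)

type proxyConn struct {
	net.Conn
	r      *bufio.Reader // holds bytes already read past the header
	remote net.Addr      // client address taken from the PROXY line
}
func (c *proxyConn) Read(b []byte) (int, error) { return c.r.Read(b) }
func (c *proxyConn) RemoteAddr() net.Addr       { return c.remote }

// parseProxyV1 returns the source address of "PROXY TCP4 src dst sport dport\r\n".
func parseProxyV1(line string) (*net.TCPAddr, error) {
	f := strings.Split(strings.TrimSuffix(line, "\r\n"), " ")
	if len(line) > 107 || !strings.HasSuffix(line, "\r\n") || len(f) != 6 ||
		f[0] != "PROXY" || (f[1] != "TCP4" && f[1] != "TCP6") {
		return nil, &net.ParseError{Type: "PROXY v1 line", Text: line}
	}
	ap, err := netip.ParseAddrPort(net.JoinHostPort(f[2], f[4]))
	return net.TCPAddrFromAddrPort(ap), err
}

type proxyListener struct{ net.Listener } // assumption: only the load balancer can connect
func (l proxyListener) Accept() (c net.Conn, err error) {
	for c, err = l.Listener.Accept(); err == nil; c, err = l.Listener.Accept() {
		c.SetReadDeadline(time.Now().Add(5 * time.Second)) // a silent peer must not stall Accept
		r := bufio.NewReader(c)
		line, _ := r.ReadSlice('\n') // timeout or >4096 bytes: no CRLF, so the parse fails
		if addr, perr := parseProxyV1(string(line)); perr == nil {
			c.SetReadDeadline(time.Time{}) // clear the deadline before net/http takes over
			return &proxyConn{c, r, addr}, nil
		}
		c.Close() // missing or malformed header: drop it and keep serving
	}
	return nil, err
}

func main() {
	if ln, err := net.Listen("tcp", "127.0.0.1:8080"); err == nil {
		http.Serve(proxyListener{ln}, nil) // handlers see the client in r.RemoteAddr
	}
}
```

Any http.Handler can be passed to http.Serve in place of nil. Because the header is trusted as sent, a listener that other hosts can reach directly lets them claim any source address.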