Add support for proxy_protocol in proxy_hosts and streams

Closes #1114
Related To #1882
Related To #3537
Related To #3618

Co-authored-by: jwklijnsma <[email protected]>
Co-authored-by: SBado <[email protected]>

Author: 3 people

backend/internal/nginx.js

@@ -156,7 +156,8 @@ const internalNginx = {
 						{ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits},
 						{allow_websocket_upgrade: host.allow_websocket_upgrade}, {http2_support: host.http2_support},
 						{hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list},
-						{certificate: host.certificate}, host.locations[i]);
+						{certificate: host.certificate}, {proxy_protocol_enabled: host.proxy_protocol_enabled},
+						{loadbalancer_address: host.loadbalancer_address}, host.locations[i]);
 
 					if (locationCopy.forward_host.indexOf('/') > -1) {
 						const splitted = locationCopy.forward_host.split('/');

backend/migrations/20241022221324_proxy_protocol.js

@@ -0,0 +1,56 @@
+const migrate_name = 'proxy_protocol';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('proxy_host', function (proxy_host) {
+		proxy_host.integer('proxy_protocol_enabled').notNull().defaultTo(0);
+		proxy_host.string('loadbalancer_address').notNull().defaultTo('');
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] proxy_host Table altered');
+
+			return knex.schema.table('stream', function (stream) {
+				stream.integer('proxy_protocol_enabled').notNull().defaultTo(0);
+				stream.string('loadbalancer_address').notNull().defaultTo('');
+			})
+				.then(() => {
+					logger.info('[' + migrate_name + '] stream Table altered');
+				});
+		});
+
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+	return knex.schema.table('proxy_host', function (proxy_host) {
+		proxy_host.dropColumn('proxy_protocol_enabled');
+		proxy_host.dropColumn('loadbalancer_address');
+	})
+		.then(function () {
+			logger.info('[' + migrate_name + '] proxy_host Table altered');
+			return knex.schema.table('stream', function (stream) {
+				stream.dropColumn('proxy_protocol_enabled');
+				stream.dropColumn('loadbalancer_address');
+			})
+				.then(function () {
+					logger.info('[' + migrate_name + '] stream Table altered');
+				});
+		});
+};

backend/models/proxy_host.js

@@ -21,6 +21,7 @@ const boolFields = [
 	'enabled',
 	'hsts_enabled',
 	'hsts_subdomains',
+	'proxy_protocol_enabled',
 ];
 
 class ProxyHost extends Model {

backend/models/stream.js

@@ -13,6 +13,7 @@ const boolFields = [
 	'is_deleted',
 	'tcp_forwarding',
 	'udp_forwarding',
+	'proxy_protocol_enabled',
 ];
 
 class Stream extends Model {

backend/schema/common.json

@@ -110,6 +110,16 @@
 		"caching_enabled": {
 			"description": "Should we cache assets",
 			"type": "boolean"
+		},
+		"proxy_protocol_enabled": {
+			"description": "Should the proxy_procotol be enabled",
+			"type": "boolean"
+		},
+		"loadbalancer_address": {
+			"description": "Hostname, IP or CIDR range of the load balancer",
+			"type": "string",
+			"minLength": 0,
+			"maxLength": 255
 		}
 	}
 }

backend/schema/components/proxy-host-object.json

@@ -23,7 +23,9 @@
 		"locations",
 		"hsts_enabled",
 		"hsts_subdomains",
-		"certificate"
+		"certificate",
+		"proxy_protocol_enabled",
+		"loadbalancer_address"
 	],
 	"additionalProperties": false,
 	"properties": {
@@ -137,6 +139,12 @@
 				}
 			]
 		},
+		"proxy_protocol_enabled": {
+			"$ref": "../common.json#/properties/proxy_protocol_enabled"
+		},
+		"loadbalancer_address": {
+			"$ref": "../common.json#/properties/loadbalancer_address"
+		},
 		"owner": {
 			"$ref": "./user-object.json"
 		},

backend/schema/components/stream-object.json

@@ -1,7 +1,7 @@
 {
 	"type": "object",
 	"description": "Stream object",
-	"required": ["id", "created_on", "modified_on", "owner_user_id", "incoming_port", "forwarding_host", "forwarding_port", "tcp_forwarding", "udp_forwarding", "enabled", "meta"],
+	"required": ["id", "created_on", "modified_on", "owner_user_id", "incoming_port", "forwarding_host", "forwarding_port", "tcp_forwarding", "udp_forwarding", "enabled", "meta", "proxy_protocol_enabled", "loadbalancer_address"],
 	"additionalProperties": false,
 	"properties": {
 		"id": {
@@ -55,6 +55,12 @@
 		},
 		"meta": {
 			"type": "object"
+		},
+		"proxy_protocol_enabled": {
+			"$ref": "../common.json#/properties/proxy_protocol_enabled"
+		},
+		"loadbalancer_address": {
+			"$ref": "../common.json#/properties/loadbalancer_address"
 		}
 	}
 }

backend/schema/paths/nginx/proxy-hosts/get.json

@@ -50,7 +50,9 @@
 									"enabled": true,
 									"locations": null,
 									"hsts_enabled": false,
-									"hsts_subdomains": false
+									"hsts_subdomains": false,
+									"proxy_protocol_enabled": false,
+									"loadbalancer_address": ""
 								}
 							]
 						}

backend/schema/paths/nginx/proxy-hosts/hostID/get.json

@@ -50,7 +50,9 @@
 								"enabled": true,
 								"locations": null,
 								"hsts_enabled": false,
-								"hsts_subdomains": false
+								"hsts_subdomains": false,
+								"proxy_protocol_enabled": false,
+								"loadbalancer_address": ""
 							}
 						}
 					},

backend/schema/paths/nginx/proxy-hosts/hostID/put.json

@@ -79,6 +79,12 @@
 						},
 						"locations": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/locations"
+						},
+						"proxy_protocol_enabled": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/proxy_protocol_enabled"
+						},
+						"loadbalancer_address": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/loadbalancer_address"
 						}
 					}
 				}
@@ -116,6 +122,8 @@
 								"enabled": true,
 								"hsts_enabled": false,
 								"hsts_subdomains": false,
+								"proxy_protocol_enabled": false,
+								"loadbalancer_address": "",
 								"owner": {
 									"id": 1,
 									"created_on": "2024-10-07T22:43:55.000Z",