diff --git a/directives.go b/directives.go
index 4227cf0..4ddd4d4 100644
--- a/directives.go
+++ b/directives.go
@@ -11,6 +11,7 @@ import (
 "net/url"
 "os"
 "os/exec"
+ "strconv"
 "strings"
 "git.sr.ht/~emersion/go-scfg"
@@ -174,6 +175,21 @@ func parseBackend(backend *Backend, d *scfg.Directive) error {
 remoteCertFP := hex.EncodeToString(sum[:])
 return fmt.Errorf("configured TLS certificate fingerprint doesn't match the server's - %s", remoteCertFP)
 }
+ case "proxy_version":
+ var version string
+ if err := child.ParseParams(&version); err != nil {
+ return err
+ }
+ v, err := strconv.Atoi(version)
+ if err != nil {
+ return fmt.Errorf("directive proxy_version: invalid version: %v", err)
+ }
+ switch v {
+ case 1, 2:
+ backend.ProxyVersion = v
+ default:
+ return fmt.Errorf("directive proxy_version: unknown version: %v", v)
+ }
 }
 }
diff --git a/server.go b/server.go
index 4d467ba..9de4c1e 100644
--- a/server.go
+++ b/server.go
@@ -366,7 +366,7 @@ func (fe *Frontend) handle(downstream net.Conn, tlsState *tls.ConnectionState) e
 defer upstream.Close()
 if be.Proxy {
- h := proxyproto.HeaderProxyFromAddrs(2, downstream.RemoteAddr(), downstream.LocalAddr())
+ h := proxyproto.HeaderProxyFromAddrs(byte(be.ProxyVersion), downstream.RemoteAddr(), downstream.LocalAddr())
 var tlvs []proxyproto.TLV
 if tlsState.ServerName != "" {
@@ -396,10 +396,11 @@ func (fe *Frontend) handle(downstream net.Conn, tlsState *tls.ConnectionState) e
 }
 type Backend struct {
- Network string
- Address string
- Proxy bool
- TLSConfig *tls.Config // nil if no TLS
+ Network string
+ Address string
+ Proxy bool
+ ProxyVersion int
+ TLSConfig *tls.Config // nil if no TLS
 }
 func duplexCopy(a, b io.ReadWriter) error {
diff --git a/tlstunnel.1.scd b/tlstunnel.1.scd
index 3c337e0..4b1e315 100644
--- a/tlstunnel.1.scd
+++ b/tlstunnel.1.scd
@@ -52,7 +52,7 @@ The following directives are supported: *listen*
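Review bot: In directives.go, `backend.ProxyVersion` is assigned only when a `proxy_version` directive is present, so a backend configured without it keeps the zero value, and server.go now passes `byte(be.ProxyVersion)` where it used to pass the literal 2. Whether 0 still produces a v2 header depends on how proxyproto.HeaderProxyFromAddrs treats an out-of-range version, which is not visible here; making the default explicit, for example `if backend.ProxyVersion == 0 { backend.ProxyVersion = 2 }` after the directive loop, keeps existing configurations on the format their backends already parse. As far as the hunk shows, the directive is also accepted for a backend whose `Proxy` flag is false, where it has no effect; rejecting that combination would surface the misconfiguration. parseBackend starts and ends outside the hunk, so a default may already be set elsewhere.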
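Review bot: In server.go's handle, the header version is now configurable but the lines that follow still build `tlvs` from the TLS state, and PROXY protocol version 1 is a text format with no TLV section. With `proxy_version 1` the server name, and anything else added to `tlvs` outside this hunk, would presumably not reach the backend, so a backend that makes routing or access decisions from those TLVs receives less than the operator may expect. Consider skipping the TLV block when `be.ProxyVersion == 1` and stating in the man page that version 1 carries addresses only. The rest of the `if be.Proxy` block lies outside the hunk, so how the TLVs are attached to the header is inferred.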
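Review bot: The new `ProxyVersion` field of Backend in server.go has no comment, while its neighbour `TLSConfig` documents its nil case; a comment such as `ProxyVersion int // PROXY protocol version, 1 or 2; only used when Proxy is true` would record the valid range. Because the field is an `int` that handle narrows with `byte(...)`, a value set by code other than the config parser would be truncated silently rather than rejected, which is a further reason to state on the field that only 1 and 2 are valid.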
... Additional addresses to listen on. - *backend*