35 shall be used or not, you need to configure separate ports for all the services |
35 shall be used or not, you need to configure separate ports for all the services |
36 that should be exposed with PROXY protocol support: |
36 that should be exposed with PROXY protocol support: |
37 |
37 |
38 ```lua |
38 ```lua |
39 --[[ |
39 --[[ |
40 Hint: While you can manually override the ports this module is listening on with |
40 Maps TCP ports to a specific Prosody network service. Further information about |
41 the "proxy_ports" directive, it is highly recommended to not set it and instead |
41 available service names can be found further down below in the module documentation. |
42 only configure the appropriate mappings with "proxy_port_mappings", which will |
42 ]]-- |
43 automatically start listening on all mapped ports. |
|
44 ]]-- |
|
45 |
|
46 proxy_port_mappings = { |
43 proxy_port_mappings = { |
47 [15222] = "c2s", |
44 [15222] = "c2s", |
48 [15269] = "s2s" |
45 [15269] = "s2s" |
49 } |
46 } |
|
47 |
|
48 --[[ |
|
49 Specifies a list of trusted hosts or networks which may use the PROXY protocol |
|
50 If not specified, it will default to: 127.0.0.1, ::1 (local connections only) |
|
51 An empty table ({}) can be configured to allow connections from any source. |
|
52 Please read the module documentation about potential security impact. |
|
53 ]]-- |
|
54 proxy_trusted_proxies = { |
|
55 "192.168.10.1", |
|
56 "172.16.0.0/16" |
|
57 } |
|
58 |
|
59 --[[ |
|
60 While you can manually override the ports this module is listening on with |
|
61 the "proxy_ports" directive, it is highly recommended to not set it and instead |
|
62 only configure the appropriate mappings with "proxy_port_mappings", which will |
|
63 automatically start listening on all mapped ports. |
|
64 |
|
65 Example: proxy_ports = { 15222, 15269 } |
|
66 ]]-- |
50 ``` |
67 ``` |
51 |
68 |
52 The above example configuration, which needs to be placed in the global section, |
69 The above example configuration, which needs to be placed in the global section, |
53 would listen on both tcp/15222 and tcp/15269. All incoming connections to these ports |
70 would listen on both tcp/15222 and tcp/15269. All incoming connections have to |
54 have to be initiated by a PROXYv1 or PROXYv2 sender and will get mapped to the |
71 originate from trusted hosts/networks (configured by _proxy_trusted_proxies_) and |
55 configured service name after initializating the connection. |
72 must be initiated by a PROXYv1 or PROXYv2 sender. After processing the PROXY |
|
73 protocol, those connections will get mapped to the configured service name. |
56 |
74 |
57 Please note that each port handled by _mod_net_proxy_ must be mapped to another |
75 Please note that each port handled by _mod_net_proxy_ must be mapped to another |
58 service name by adding an item to _proxy_port_mappings_, otherwise a warning will |
76 service name by adding an item to _proxy_port_mappings_, otherwise a warning will |
59 be printed during module initialization and all incoming connections to unmapped ports |
77 be printed during module initialization and all incoming connections to unmapped ports |
60 will be dropped after processing the PROXY protocol requests. |
78 will be dropped after processing the PROXY protocol requests. |
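
Review bot: The new comment on proxy_trusted_proxies (new lines 49-52) defers the security impact of an empty table to "the module documentation", which, going by "further down below in the module documentation" at new line 41, is this same file, and nothing in the hunk states that impact. Spell it out next to the option, for example that with `{}` any host able to reach the mapped ports can send a PROXY header and thereby choose the source address attributed to its connection, or link to the section that covers it. The first sentence of that comment also lacks its full stop before "If not specified". In the paragraph after the code block (new lines 70-73), say what happens to a connection that arrives from a source outside proxy_trusted_proxies (dropped, logged, or both), as the next paragraph already does for unmapped ports.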