Go to file
Mario Fetka 867fc3475c Bump
2020-02-12 11:55:27 +01:00
debian Bump 2020-02-12 11:55:27 +01:00
.gitignore Imported Upstream version 0.2 2020-02-12 11:53:48 +01:00
LICENSE Imported Upstream version 0.2 2020-02-12 11:53:48 +01:00
Makefile Imported Upstream version 0.2 2020-02-12 11:53:48 +01:00
mod_proxy_protocol.c Imported Upstream version 0.2 2020-02-12 11:53:48 +01:00
mod_proxy_protocol.xml Imported Upstream version 0.2 2020-02-12 11:53:48 +01:00
mod_proxy_protocol.xml.meta Imported Upstream version 0.2 2020-02-12 11:53:48 +01:00
README.md Imported Upstream version 0.2 2020-02-12 11:53:48 +01:00

Apache Proxy Protocol Module

This is an Apache module that implements the server side of HAProxy's Proxy Protocol.

Note: as of Apache 2.4.30 this code has been merged into mod_remoteip, with the ProxyProtocol directive renamed to RemoteIPProxyProtocol.

Build and Install

You'll need the apache development packages installed (typically something like apache-devel or apache2-dev). Then simply running make will create the shared library in .libs/mod_proxy_protocol.so; make install will attempt to install it in your current apache installation (you'll probably need to be root for this).

Configuration

Add the following directive to your apache config to load the module

LoadModule proxy_protocol_module <path-to-module>/mod_proxy_protocol.so

or try running

apxs -a mod_proxy_protocol.c

For configuration details see the module docs

Amazon EC2 Notes

To properly secure Apache when using this on EC2 behind an ELB you'll probably want to do something like the following to ensure that only the ELB can provide the proxy protocol header while still being able to access the site directly (not via the ELB):

  1. In Apache create a copy of virtual host with a new port, and add the 'ProxyProtocol On' directive to this new virtual host.
  2. Add an entry to the security group for the server that only allows access to this new port from the ELB (specify the source as amazon-elb/amazon-elb-sg)
  3. Point the ELB listener at this new port (and of course enable the proxy protocol for that)

TODO

  • Add access-control (see commented out ProxyProtocolTrustedProxies in mod_proxy_protocol.xml)
  • Add support for outgoing connections (mod_proxy)