Add optional support for the PROXY protocol

config/config.go

@@ -87,6 +87,7 @@ type Config struct {
 	AccessLog                AccessLog     `yaml:"access_log"`
 	EnableAccessLogStreaming bool          `yaml:"enable_access_log_streaming"`
 	DebugAddr                string        `yaml:"debug_addr"`
+	EnablePROXY              bool          `yaml:"enable_proxy"`
 	EnableSSL                bool          `yaml:"enable_ssl"`
 	SSLPort                  uint16        `yaml:"ssl_port"`
 	SSLCertPath              string        `yaml:"ssl_cert_path"`
@@ -141,11 +142,12 @@ var defaultConfig = Config{
 	Nats:    []NatsConfig{defaultNatsConfig},
 	Logging: defaultLoggingConfig,
 
-	Port:       8081,
-	Index:      0,
-	GoMaxProcs: -1,
-	EnableSSL:  false,
-	SSLPort:    443,
+	Port:        8081,
+	Index:       0,
+	GoMaxProcs:  -1,
+	EnablePROXY: false,
+	EnableSSL:   false,
+	SSLPort:     443,
 
 	EndpointTimeoutInSeconds:     60,
 	RouteServiceTimeoutInSeconds: 60,

config/config_test.go

@@ -265,6 +265,16 @@ token_fetcher_expiration_buffer_time: 40
 			Expect(config.TokenFetcherRetryIntervalInSeconds).To(Equal(5))
 			Expect(config.TokenFetcherExpirationBufferTimeInSeconds).To(Equal(int64(30)))
 		})
+
+		It("sets proxy protocol", func() {
+			var b = []byte(`
+enable_proxy: true
+`)
+
+			config.Initialize(b)
+
+			Expect(config.EnablePROXY).To(Equal(true))
+		})
 	})
 
 	Describe("Process", func() {

router/router.go

@@ -7,6 +7,7 @@ import (
 	"sync"
 	"syscall"
 
+	"github.com/armon/go-proxyproto"
 	"github.com/apcera/nats"
 	"github.com/cloudfoundry/dropsonde"
 	vcap "github.com/cloudfoundry/gorouter/common"
@@ -267,10 +268,14 @@ func (r *Router) serveHTTPS(server *http.Server, errChan chan error) error {
 		}
 
 		r.tlsListener = tlsListener
-		r.logger.Info(fmt.Sprintf("Listening on %s", tlsListener.Addr()))
+		if r.config.EnablePROXY {
+			r.tlsListener = &proxyproto.Listener{tlsListener}
+		}
+
+		r.logger.Info(fmt.Sprintf("Listening on %s", r.tlsListener.Addr()))
 
 		go func() {
-			err := server.Serve(tlsListener)
+			err := server.Serve(r.tlsListener)
 			r.stopLock.Lock()
 			if !r.stopping {
 				errChan <- err
@@ -290,10 +295,14 @@ func (r *Router) serveHTTP(server *http.Server, errChan chan error) error {
 	}
 
 	r.listener = listener
-	r.logger.Info(fmt.Sprintf("Listening on %s", listener.Addr()))
+	if r.config.EnablePROXY {
+		r.listener = &proxyproto.Listener{listener}
+	}
+
+	r.logger.Info(fmt.Sprintf("Listening on %s", r.listener.Addr()))
 
 	go func() {
-		err := server.Serve(listener)
+		err := server.Serve(r.listener)
 		r.stopLock.Lock()
 		if !r.stopping {
 			errChan <- err

router/router_test.go

@@ -79,6 +79,7 @@ var _ = Describe("Router", func() {
 		config.SSLPort = 4443 + uint16(gConfig.GinkgoConfig.ParallelNode)
 		config.SSLCertificate = cert
 		config.CipherSuites = []uint16{tls.TLS_RSA_WITH_AES_256_CBC_SHA}
+		config.EnablePROXY = true
 
 		// set pid file
 		f, err := ioutil.TempFile("", "gorouter-test-pidfile-")
@@ -586,6 +587,34 @@ var _ = Describe("Router", func() {
 		Expect(string(body)).To(MatchRegexp(".*1\\.2\\.3\\.4:1234.*\n"))
 	})
 
+	It("handles the PROXY protocol", func() {
+		app := test.NewTestApp([]route.Uri{"proxy.vcap.me"}, config.Port, mbusClient, nil, "")
+
+		rCh := make(chan string)
+		app.AddHandler("/", func(w http.ResponseWriter, r *http.Request) {
+			rCh <- r.Header.Get("X-Forwarded-For")
+		})
+		app.Listen()
+		Eventually(func() bool {
+			return appRegistered(registry, app)
+		}).Should(BeTrue())
+
+		host := fmt.Sprintf("proxy.vcap.me:%d", config.Port)
+		conn, err := net.DialTimeout("tcp", host, 10*time.Second)
+		Expect(err).ToNot(HaveOccurred())
+		defer conn.Close()
+
+		fmt.Fprintf(conn, "PROXY TCP4 192.168.0.1 192.168.0.2 12345 80\r\n"+
+			"GET / HTTP/1.0\r\n"+
+			"Host: %s\r\n"+
+			"\r\n", host)
+
+		var rr string
+		Eventually(rCh).Should(Receive(&rr))
+		Expect(rr).ToNot(BeNil())
+		Expect(rr).To(Equal("192.168.0.1"))
+	})
+
 	Context("HTTP keep-alive", func() {
 		It("reuses the same connection on subsequent calls", func() {
 			app := test.NewGreetApp([]route.Uri{"keepalive.vcap.me"}, config.Port, mbusClient, nil)