hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add proxy protocol setting documentation

Browse Source
This commit is contained in:
Esa Korhonen
2017-04-27 13:54:46 +03:00
parent 97e57d92ff
commit c90c870727
1 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
Documentation/Getting-Started/Configuration-Guide.md
View File

@ -970,6 +970,24 @@ closed.
For more information about persistent connections, please read the For more information about persistent connections, please read the
[Administration Tutorial](../Tutorials/Administration-Tutorial.md). [Administration Tutorial](../Tutorials/Administration-Tutorial.md).
#### `use_proxy_protocol`
If `use_proxy_protocol` is set to `yes`, MaxScale will send a proxy protocol
header when connecting client sessions to the server. The header contains the
original client IP address and port, as seen by MaxScale. The server will then
read the header and perform authentication as if the connection originated from
this address instead of the MaxScale IP address. With this feature, the user
accounts on the backend server can be simplified to only contain the actual
client hosts and not the MaxScale host.
Currently, using this feature is unpractical due to the restrictiveness of the
proxy protocol. The protocol requires that *all* connections from proxy enabled
addresses must send a valid proxy header. MaxScale has other connections to the
servers in addition to client sessions, e.g. monitors, and the server will
refuse these due to the lack of the header. To bypass this restriction, the
server monitor needs to be disabled and the service listener needs to be
configured to disregard authentication errors (`skip_authentication=true`).
### Server and SSL ### Server and SSL
This section describes configuration parameters for servers that control the This section describes configuration parameters for servers that control the