Merge pull request v2ray#128 from rprx/master

Add PROXY protocol support to WS inbound

infra/conf/transport_internet.go

@@ -134,9 +134,10 @@ func (c *TCPConfig) Build() (proto.Message, error) {
 }
 
 type WebSocketConfig struct {
-	Path    string            `json:"path"`
-	Path2   string            `json:"Path"` // The key was misspelled. For backward compatibility, we have to keep track the old key.
-	Headers map[string]string `json:"headers"`
+	Path                string            `json:"path"`
+	Path2               string            `json:"Path"` // The key was misspelled. For backward compatibility, we have to keep track the old key.
+	Headers             map[string]string `json:"headers"`
+	AcceptProxyProtocol bool              `json:"acceptProxyProtocol"`
 }
 
 // Build implements Buildable.
@@ -152,11 +153,13 @@ func (c *WebSocketConfig) Build() (proto.Message, error) {
 			Value: value,
 		})
 	}
-
 	config := &websocket.Config{
 		Path:   path,
 		Header: header,
 	}
+	if c.AcceptProxyProtocol {
+		config.AcceptProxyProtocol = c.AcceptProxyProtocol
+	}
 	return config, nil
 }
 

transport/internet/websocket/config.proto

@@ -18,4 +18,6 @@ message Config {
   string path = 2;
 
   repeated Header header = 3;
+
+  bool accept_proxy_protocol = 4;
 }

transport/internet/websocket/hub.go

@@ -10,6 +10,8 @@ import (
 	"time"
 
 	"github.com/gorilla/websocket"
+	"github.com/pires/go-proxyproto"
+
 	"v2ray.com/core/common"
 	"v2ray.com/core/common/net"
 	http_proto "v2ray.com/core/common/protocol/http"
@@ -61,16 +63,27 @@ type Listener struct {
 }
 
 func ListenWS(ctx context.Context, address net.Address, port net.Port, streamSettings *internet.MemoryStreamConfig, addConn internet.ConnHandler) (internet.Listener, error) {
+	listener, err := internet.ListenSystem(ctx, &net.TCPAddr{
+		IP:   address.IP(),
+		Port: int(port),
+	}, streamSettings.SocketSettings)
+	if err != nil {
+		return nil, newError("failed to listen TCP(for WS) on", address, ":", port).Base(err)
+	}
+	newError("Listening TCP(for WS) on ", address, ":", port).WriteToLog(session.ExportIDToError(ctx))
+
 	wsSettings := streamSettings.ProtocolSettings.(*Config)
 
-	var tlsConfig *tls.Config
-	if config := v2tls.ConfigFromStreamSettings(streamSettings); config != nil {
-		tlsConfig = config.GetTLSConfig()
+	if wsSettings.AcceptProxyProtocol {
+		policyFunc := func(upstream net.Addr) (proxyproto.Policy, error) { return proxyproto.REQUIRE, nil }
+		listener = &proxyproto.Listener{Listener: listener, Policy: policyFunc}
+		newError("Accepting PROXY protocol").AtWarning().WriteToLog(session.ExportIDToError(ctx))
 	}
 
-	listener, err := listenTCP(ctx, address, port, tlsConfig, streamSettings.SocketSettings)
-	if err != nil {
-		return nil, err
+	if config := v2tls.ConfigFromStreamSettings(streamSettings); config != nil {
+		if tlsConfig := config.GetTLSConfig(); tlsConfig != nil {
+			listener = tls.NewListener(listener, tlsConfig)
+		}
 	}
 
 	l := &Listener{
@@ -97,22 +110,6 @@ func ListenWS(ctx context.Context, address net.Address, port net.Port, streamSet
 	return l, err
 }
 
-func listenTCP(ctx context.Context, address net.Address, port net.Port, tlsConfig *tls.Config, sockopt *internet.SocketConfig) (net.Listener, error) {
-	listener, err := internet.ListenSystem(ctx, &net.TCPAddr{
-		IP:   address.IP(),
-		Port: int(port),
-	}, sockopt)
-	if err != nil {
-		return nil, newError("failed to listen TCP on", address, ":", port).Base(err)
-	}
-
-	if tlsConfig != nil {
-		return tls.NewListener(listener, tlsConfig), nil
-	}
-
-	return listener, nil
-}
-
 // Addr implements net.Listener.Addr().
 func (ln *Listener) Addr() net.Addr {
 	return ln.listener.Addr()