fix #1389

Support PROXY protocol v2, including ahead of plaintext connections
2026-05-27 01:54:47 -07:00 · 2020-11-19 12:31:58 -05:00
parent 9ce72a4b02
commit 3062f97c2b
6 changed files with 153 additions and 41 deletions
--- a/default.yaml
+++ b/default.yaml
@@ -52,10 +52,11 @@ server:
            tls:
                cert: fullchain.pem
                key: privkey.pem
-                # 'proxy' should typically be false. It's only for Kubernetes-style load
-                # balancing that does not terminate TLS, but sends an initial PROXY line
-                # in plaintext.
-                proxy: false
+            # 'proxy' should typically be false. It's for cloud load balancers that
+            # always send PROXY headers ahead of the connection (e.g., a v1 header
+            # ahead of unterminated TLS, or a v2 binary header) that MUST be present
+            # and cannot be processed on an optional basis.
+            proxy: false

        # Example of a Unix domain socket for proxying:
        # "/tmp/oragono_sock":