• Feature Request: Proxy Protocol Support

    From deon@21:2/116.1 to g00r00 on Friday, March 22, 2019 03:55:33
    Hey g00r00

    I know life is keeping you busy, but I thought I'd at least jot this down.

    When you are feeling like you want to create something new and have the time (*grin*) do you think you could add Proxy Protocol support to Mystic?

    http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

    My request is for docker (swarm), but it will benefit everybody.

    HAPROXY is a TCP proxy that you can put in front of applications, for various reasons (pseudo firewalling/load balancing/throttling, etc) - and since BBSs
    all use standard ports, folks could choose to put haproxy in front of their
    BBS to reduce the amount of port bombs that are occurring (especially those to ports 22/23).

    The problem with a proxy in front, is you lose the "source address", so
    things like Geo Controls/Network Controls or just plain logging are lost from the app (although they are logged in the proxy).

    If Mystic could be set up to accept "proxied" connections (for those of us
    that want to run haproxy in front of it), then by understanding the proxy protocol, the mystic can still know the real source, even if TCP traffic is going via the proxy.

    It doesn't look too hard to implement and I think it would be an "Enable Proxy: yes/no" on all the TCP services that mystic has. Under the covers you would
    be parsing the first TCP packet that comes from the proxy with the real source details.

    (In my case, I use docker swarm, so containers "float" between machines.
    Swarm uses a proxy/nat setup that results in the source of the TCP packet
    being that of the docker host, not the original person (or BBS). So I have to lock Mystic to a specific host in my swarm, and use "host" ports to get the real source. Supporting haproxy would let me put mystic in the swarm - where
    it could happily float between my Pi's - especially if one breaks.)

    Anyway (modern technology ideas) for a legacy network :)

    ...deon

    _--_|\ | Deon George
    / \ | Chinwag BBS - A BBS on a PI in Docker!
    \_.__.*/ |
    V | Coming from the 'burbs of Melbourne, Australia

    --- Mystic BBS v1.12 A42 2018/12/27 (Raspberry Pi/32)
    * Origin: Chinwag | MysticBBS in Docker on a Pi! (21:2/116.1)
  • From g00r00@21:1/108 to deon on Sunday, March 24, 2019 00:08:08
    Hey g00r00

    I know life is keeping you busy, but I thought I'd at least jot this
    down.

    When you are feeling like you want to create something new and have the time (*grin*) do you think you could add Proxy Protocol support to
    Mystic?

    Added to the TODO list!

    --- Mystic BBS v1.12 A43 2019/03/02 (Linux/64)
    * Origin: Sector 7 (21:1/108)
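
What the "Enable Proxy: yes/no" setting requested above would involve on the receiving side, as an added example (not code from Mystic, haproxy or either poster): it parses the version 1 text header from proxy-protocol.txt and accepts it only from a known proxy address, since any other peer could forge the source line. The function name, the `TRUSTED_PROXIES` list and all addresses are assumptions made up for illustration; the binary version 2 header is not handled.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest v1 header line including CRLF, per proxy-protocol.txt

# Assumption: networks the haproxy instances connect from (constructed sample value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def effective_source(peer_ip, first_bytes, proxy_enabled=True):
    """Return (client, payload): client is (ip, port), or None when the header
    carries no address and the service should log peer_ip instead.

    peer_ip is the TCP peer as the socket reports it; first_bytes is the start
    of the stream. Raises ValueError when the connection should be dropped.
    """
    if not proxy_enabled:
        return None, first_bytes
    # Only a known proxy may vouch for a source address; any other peer could
    # forge the first line to defeat geo/network controls and logging.
    if not any(ipaddress.ip_address(peer_ip) in net for net in TRUSTED_PROXIES):
        raise ValueError("proxied listener reached by untrusted peer")
    end = first_bytes.find(b"\r\n", 0, MAX_V1_HEADER)
    if not first_bytes.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = first_bytes[:end].decode("ascii").split(" ")
    payload = first_bytes[end + 2:]
    if fields[1] == "UNKNOWN":  # proxy could not determine the client; rest of line ignored
        return None, payload
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    family = 4 if fields[1] == "TCP4" else 6
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    if src.version != family or dst.version != family:
        raise ValueError("address family does not match protocol field")
    if not all(p.isdigit() and int(p) <= 65535 for p in fields[4:]):
        raise ValueError("bad port")
    return (str(src), int(fields[4])), payload


if __name__ == "__main__":
    # Constructed sample: what haproxy would send ahead of a telnet session.
    sample = b"PROXY TCP4 203.0.113.7 10.0.0.9 51234 23\r\n\xff\xfb\x01"
    print(effective_source("10.0.0.5", sample))
```

The returned client address is what geo/network controls and logging would use in place of the socket's peer address; the payload is handed on to the normal protocol handler.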