Feature #4078
closed
Mono Polimorph wrote:
I suggest to add support for PROXY-PROTOCOL in TCP input connections.
I try to explain more:
- For support the PROXY-PROTOCOL one explicit port is needed to be open. So the suggestion is, for example, add to the SAT>IP server another "alternative PROXY port" to the 554. The original port continues open, and a new one (user configurable) speaks the PROXY protocol.
- The port implementing the PROXY protocol only needs to check the proxy command, and if any error is detected, then it closes the socket and rejects the connection. And if all goes right, then it sends the connection to the regular code. No changes need to be done after this check. Only save the original origin IP address for use it when a second connection needs to be stablished (UDP traffic send).
That's all! Anyone interested on it?
Hi,
Regarding the PROXY-PROTOCOL, or the similar "X-Forwarded-For" header with HTTP (the difference is PROXY-PROTOCOL can work with any TCP socket, not only with the HTTP protocol). I suggest to add support for both. Obviously, you need to implement a whitelist for remote address with privileges to use it, as it can be used for IP spoofing (a big hole for security).
Please, for the "X-Forwarded-For" http header consider to add this patch:
http://github.com/tvheadend/tvheadend/pull/640
The idea is put the TvH server behind a strong firewall or loadbalancer.
I'm using router for this for example Mikrotik
every client can have different nat port :9981-2
saen acro wrote:
I'm using router for this for example Mikrotik
every client can have different nat port :9981-2
Yes, but this doesn't work for example with protocols like RTSP (SAT>IP). Also, how we can do loadbalancing with this solution?
I prefer to have support for PROXY-PROTOCOL and "X-Forwarded-For" headers to process the correct origing IP of the client (instead of use the TCP incoming IP address, as it's the one of the proxy/balancer/firewall).
:)
Better to ask about HLS support
SAT>IP out of lan, not good idea.
saen acro wrote:
SAT>IP out of lan, not good idea.
SAT>IP in routed networks works perfect! For example in a Campus environment. However, you need a good firewall for multiple users.
In any case, PROXY-PROTOCOL is a very good functionality.
Also, the "X-Forwarded-For" header is already implemented. The main developer only needs to accept the contribution.
Please, understand that not all user have identical requirements. Not all environments are equal.
- Status changed from New to Rejected
- Parent task set to #4247
Will be fixed in bug #4247.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by