Subj : Re: synchronet behind a reverse proxy
To   : martylake
From : echicken
Date : Sat Nov 27 2021 15:06:58

  Re: Re: synchronet behind a reverse proxy
  By: martylake to echicken on Sat Nov 27 2021 00:53:34

 ma> The receiver MUST be configured to only receive the protocol described in
 ma> this specification and MUST not try to guess whether the protocol header
 ma> is present or not. This means that the protocol explicitly prevents port

Technically that's a different scenario. The websocket server would always send the PROXY header, it just wouldn't always reflect the "true" client IP address.

 ma> So I think that 
 >> the websocket service terminating if the HAPROXY PROTO option is set
 >> and the X-Forwarded-For header is absent
 ma> really is the *expected and correct* behavior.

I agree. Just wanted someone else to agree with me before I made it the default behaviour. We can always adjust later.

 ma> So, instead of connecting at forum.talbot.audio, I connect at
 ma> localhost:8880 (overriden port for http). Is this equivalent to (remove
 ma> the HTTP reverse proxy) ?

Yep, if localhost:8880 is what your BBS webserver actually listens on, and is what the reverse proxy treats as upstream, then it's the same effect.

Okay, so it sounds like various cases are being handled as expected. I'll merge this in later today.

Thanks for your help with testing all of that - I made these changes without actually running any of the scripts myself.
  
---  
echicken   
electronic chicken bbs - bbs.electronicchicken.com
---
 þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

.