Add forwarded headers on entry point configuration

2019-01-15 09:44:03 +01:00 · 2019-01-15 09:44:03 +01:00 · a79d6aa669
commit a79d6aa669
parent 7efafa5a2c
9 changed files with 239 additions and 23 deletions
--- a/config/static/entrypoints.go
+++ b/config/static/entrypoints.go
@ -10,10 +10,17 @@ import (

 // EntryPoint holds the entry point configuration.
 type EntryPoint struct {
-	Address       string
-	Transport     *EntryPointsTransport
-	TLS           *tls.TLS
-	ProxyProtocol *ProxyProtocol
+	Address          string
+	Transport        *EntryPointsTransport
+	TLS              *tls.TLS
+	ProxyProtocol    *ProxyProtocol
+	ForwardedHeaders *ForwardedHeaders
+}
+
+// ForwardedHeaders Trust client forwarding headers.
+type ForwardedHeaders struct {
+	Insecure   bool
+	TrustedIPs []string
 }

 // ProxyProtocol contains Proxy-Protocol configuration.
@ -64,9 +71,10 @@ func (ep *EntryPoints) Set(value string) error {
 	}

 	(*ep)[result["name"]] = &EntryPoint{
-		Address:       result["address"],
-		TLS:           configTLS,
-		ProxyProtocol: makeEntryPointProxyProtocol(result),
+		Address:          result["address"],
+		TLS:              configTLS,
+		ProxyProtocol:    makeEntryPointProxyProtocol(result),
+		ForwardedHeaders: makeEntryPointForwardedHeaders(result),
 	}

 	return nil
@ -167,3 +175,15 @@ func toBool(conf map[string]string, key string) bool {
 	}
 	return false
 }
+
+func makeEntryPointForwardedHeaders(result map[string]string) *ForwardedHeaders {
+	forwardedHeaders := &ForwardedHeaders{}
+	forwardedHeaders.Insecure = toBool(result, "forwardedheaders_insecure")
+
+	fhTrustedIPs := result["forwardedheaders_trustedips"]
+	if len(fhTrustedIPs) > 0 {
+		forwardedHeaders.TrustedIPs = strings.Split(fhTrustedIPs, ",")
+	}
+
+	return forwardedHeaders
+}
--- a/config/static/entrypoints_test.go
+++ b/config/static/entrypoints_test.go
@ -206,6 +206,7 @@ func TestEntryPoints_Set(t *testing.T) {
 					Insecure:   false,
 					TrustedIPs: []string{"192.168.0.1"},
 				},
+				ForwardedHeaders: &ForwardedHeaders{},
 				// FIXME Test ServersTransport
 			},
 		},
@ -234,6 +235,7 @@ func TestEntryPoints_Set(t *testing.T) {
 					Insecure:   false,
 					TrustedIPs: []string{"192.168.0.1"},
 				},
+				ForwardedHeaders: &ForwardedHeaders{},
 				// FIXME Test ServersTransport
 			},
 		},
@ -241,14 +243,17 @@ func TestEntryPoints_Set(t *testing.T) {
 			name:                   "default",
 			expression:             "Name:foo",
 			expectedEntryPointName: "foo",
-			expectedEntryPoint:     &EntryPoint{},
+			expectedEntryPoint: &EntryPoint{
+				ForwardedHeaders: &ForwardedHeaders{},
+			},
 		},
 		{
 			name:                   "ProxyProtocol insecure true",
 			expression:             "Name:foo ProxyProtocol.insecure:true",
 			expectedEntryPointName: "foo",
 			expectedEntryPoint: &EntryPoint{
-				ProxyProtocol: &ProxyProtocol{Insecure: true},
+				ProxyProtocol:    &ProxyProtocol{Insecure: true},
+				ForwardedHeaders: &ForwardedHeaders{},
 			},
 		},
 		{
@ -256,7 +261,8 @@ func TestEntryPoints_Set(t *testing.T) {
 			expression:             "Name:foo ProxyProtocol.insecure:false",
 			expectedEntryPointName: "foo",
 			expectedEntryPoint: &EntryPoint{
-				ProxyProtocol: &ProxyProtocol{},
+				ProxyProtocol:    &ProxyProtocol{},
+				ForwardedHeaders: &ForwardedHeaders{},
 			},
 		},
 		{
@ -267,6 +273,7 @@ func TestEntryPoints_Set(t *testing.T) {
 				ProxyProtocol: &ProxyProtocol{
 					TrustedIPs: []string{"10.0.0.3/24", "20.0.0.3/24"},
 				},
+				ForwardedHeaders: &ForwardedHeaders{},
 			},
 		},
 	}
--- a/config/static/static_config.go
+++ b/config/static/static_config.go
@ -184,7 +184,10 @@ func (c *Configuration) SetEffectiveConfiguration(configFile string) {
 			entryPoint.Transport.RespondingTimeouts = &RespondingTimeouts{
 				IdleTimeout: parse.Duration(DefaultIdleTimeout),
 			}
+		}

+		if entryPoint.ForwardedHeaders == nil {
+			entryPoint.ForwardedHeaders = &ForwardedHeaders{}
 		}
 	}