From 481a5bf0c8fbac9c18889341757ee9806d4ebd63 Mon Sep 17 00:00:00 2001
From: Igor Wiedler
Date: Mon, 4 May 2020 14:30:39 +0200
Subject: Support for HTTPS over PROXYv2 protocol
---
 server.go | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'server.go')
diff --git a/server.go b/server.go
index 04ba818a..678367a3 100644
--- a/server.go
+++ b/server.go
@@ -9,6 +9,7 @@ import (
 "time"
 
 "github.com/gorilla/context"
+ proxyproto "github.com/pires/go-proxyproto"
 "golang.org/x/net/http2"
 
 "gitlab.com/gitlab-org/gitlab-pages/internal/netutil"
@@ -36,7 +37,7 @@ func (ln *keepAliveListener) Accept() (net.Conn, error) {
 return conn, nil
 }
 
-func listenAndServe(fd uintptr, handler http.Handler, useHTTP2 bool, tlsConfig *tls.Config, limiter *netutil.Limiter) error {
+func listenAndServe(fd uintptr, handler http.Handler, useHTTP2 bool, tlsConfig *tls.Config, limiter *netutil.Limiter, proxyv2 bool) error {
 // create server
 server := &http.Server{Handler: context.ClearHandler(handler), TLSConfig: tlsConfig}
 
@@ -56,9 +57,20 @@ func listenAndServe(fd uintptr, handler http.Handler, useHTTP2 bool, tlsConfig *
 l = netutil.SharedLimitListener(l, limiter)
 }
 
+ l = &keepAliveListener{l}
+
+ if proxyv2 {
+ l = &proxyproto.Listener{
+ Listener: l,
+ Policy: func(upstream net.Addr) (proxyproto.Policy, error) {
+ return proxyproto.REQUIRE, nil
+ },
+ }
+ }
+
 if tlsConfig != nil {
- tlsListener := tls.NewListener(&keepAliveListener{l}, server.TLSConfig)
- return server.Serve(tlsListener)
+ l = tls.NewListener(l, server.TLSConfig)
 }
- return server.Serve(&keepAliveListener{l})
+
+ return server.Serve(l)
 }
-- cgit v1.2.3
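Review bot: The `Policy` callback in the new `proxyproto.Listener` never looks at `upstream` and returns `proxyproto.REQUIRE` for every peer, so anyone who can reach this socket decides which client address the server sees. If the listener is ever reachable by anything other than the trusted load balancer, the source address used for logging, rate limiting or IP-based access rules can be forged through the PROXY header. Consider checking `upstream` against a configured list of proxy addresses and refusing other peers, or at least state the assumption above the block, e.g. `// PROXY header is accepted from any peer: this listener must only be reachable from the load balancer`. It is also worth confirming that a peer which connects and never sends a header cannot hold the connection open indefinitely, since no header-read deadline is set in this hunk. The body of listenAndServe starts above the hunk, so how `l` is first created is not visible here.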