The Ultimate Guide to High Availability with MariaDB

Proxy protocol support

You are viewing an old version of this article. View the current version here.

Starting with version 10.3, MariaDB server supports proxy protocol .

The proxy protocol allows proxy programs to relay the IP of the clients to the server programs. It is important in case of MariaDB, since IP information is actually a part of user identity.

How proxy protocol works.

As per specification, https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt , connecting client can prefix its first packet(client authentication packet) by a proxy protocol header. Server then handles subsequent request from this client as if the come from client-IP taken the proxy protocol header.

E.g if the proxy header is "PROXY TCP4 192.168.0.1 192.168.0.11 56324 443\r\n", server would assume the client's IP is 192.168.0.1

MariaDB server supports both text and binary versio

Enabling proxy protocol in MariaDB

To enable use of the proxy protocol, it is necessary to specify subnetworks that are allowed to send proxy header, using proxy-protocol-networks server variable.

proxy-protocol-networks is a either comma-separated list of CIDR-subnet formatted subnetworks(IP/mask, as in https://en.wikipedia.org/wiki/Subnetwork), IP addresses. One also can use 'localhost' in this list, which means unix domain socket/named pipe/shared memory connections are allowed as well. Or, proxy-protocol-networks can be set to * , meaning that proxy header is allowed from any client. * should be used with extreme care, it might have security implication.

Example proxy-protocol-networks=::1, 192.168.0.0/16 ,localhost

allows IPv6 connection from local machine ::1, from IP addresses starting with 192.128, and from connections made with unix domain socket or named pipe

Client support

Since the functionality is suited only to very specific proxy-like programs, most client APIs do not provide support for sending proxy headers. One exception is Connector/C version 3 or later. One can now use

mysql_optionsv(mysql, MARIADB_OPT_PROXY_HEADER, header, header_size)

to send the header. In the call above _header_ is the proxy header, and _header_size_ is its size in bytes.

Comments

Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.