Comments (4)
Ghostunnel is just a transport layer proxy, it is agnostic about the protocol running on top. Any mechanism for preserving information about originators of requests would have to be application-specific (such as an X-Forwarded-IP header in an HTTP request). I'm not very familiar with Redis replication but I believe there is no mechanism for that at the moment.
from ghostunnel.
Hey @satheeshaGowda, I'm not sure if that solves your problem, but Redis has some options where you can specify what IP/PORT is being announced by sentinel (in sentinel.conf):
# sentinel announce-ip <ip>
# sentinel announce-port <port>
or the node itself (in redis.conf):
# slave-announce-ip <ip>
# slave-announce-port <port>
from ghostunnel.
I'm not sure there's a straightforward solution to this problem. When a connection comes in, it'll be TCP & TLS terminated, and then the server will see a localhost src IP.
To support having the "real" client IP as the source, you'd have to have something rewrite the source IP to be the real one, and ensure traffic sent back is routed appropriately to localhost.
I think either you'd need to do something in the OS network stack (i.e., have ghostunnel install a NAT rule per incoming IP), and probably use network namespaces to isolate that... Seems really messy.
Either that or some other mechanism to convince the service it's talking to the real client IP... I have no idea how to do this successfully in Linux.
It's certainly possible (Amazon's NLBs when TLS terminating do this, just announced). But doing it when you don't control the whole network stack; that seems trickier.
I don't think any of the existing ghostunnel contributors have the time to design and implement this, though if there's a reasonable design proposed, we may be able to accept an implementation.
from ghostunnel.
Update: Just merged support for the PROXY protocol (see #207), which could help with this if Redis also adopts support for the PROXY protocol.
from ghostunnel.
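The PROXY protocol mentioned in the last comment works by prepending one header line carrying the originator's address to the plaintext stream, so the backend behind the tunnel can recover the real client IP even though the TCP peer is localhost. The Go example below is added here and is not ghostunnel's or Redis's own code: it parses and validates a version 1 header the way a PROXY-aware backend would, over a constructed sample, and assumes the backend listener is reachable only from the TLS-terminating proxy.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// ParseProxyV1 consumes one "PROXY TCP4|TCP6 src dst sport dport\r\n" line from r and
// returns the originator (src) and the address it connected to (dst); what remains in r
// is the application stream. "PROXY UNKNOWN\r\n" yields nil addresses and no error.
// Trust the header only on a listener that just the proxy can reach, or clients can forge it.
func ParseProxyV1(r *bufio.Reader) (src, dst *net.TCPAddr, err error) {
	line, err := r.ReadString('\n')
	if err != nil || len(line) > 107 || !strings.HasSuffix(line, "\r\n") {
		return nil, nil, errors.New("malformed PROXY header") // v1 lines are at most 107 bytes
	}
	f := strings.Split(strings.TrimSuffix(line, "\r\n"), " ")
	if len(f) < 2 || f[0] != "PROXY" {
		return nil, nil, errors.New("stream does not start with a PROXY header")
	}
	if f[1] == "UNKNOWN" {
		return nil, nil, nil // proxy could not determine the originator (e.g. a health check)
	}
	if len(f) != 6 || (f[1] != "TCP4" && f[1] != "TCP6") {
		return nil, nil, errors.New("unsupported PROXY address family")
	}
	sip, dip := net.ParseIP(f[2]), net.ParseIP(f[3])
	sp, e1 := strconv.Atoi(f[4])
	dp, e2 := strconv.Atoi(f[5])
	if sip == nil || dip == nil || e1 != nil || e2 != nil || sp < 0 || sp > 65535 || dp < 0 || dp > 65535 {
		return nil, nil, errors.New("invalid PROXY address or port")
	}
	// The declared family must match the literals: TCP4 requires two IPv4 addresses.
	if v4 := f[1] == "TCP4"; v4 != (sip.To4() != nil) || v4 != (dip.To4() != nil) {
		return nil, nil, errors.New("PROXY family does not match the addresses")
	}
	return &net.TCPAddr{IP: sip, Port: sp}, &net.TCPAddr{IP: dip, Port: dp}, nil
}

func main() {
	// Constructed sample: the PROXY line followed by the Redis PING the real client sent.
	r := bufio.NewReader(strings.NewReader("PROXY TCP4 198.51.100.7 127.0.0.1 40112 6379\r\n*1\r\n$4\r\nPING\r\n"))
	src, dst, err := ParseProxyV1(r)
	fmt.Println("originator:", src, "backend:", dst, "err:", err)
}
```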