On 7/28/22 22:05, Jacob Champion wrote:
This needs a rebase, but after that I expect it to be RfC.
--Jacob
The new status of this patch is: Waiting on Author
Hello folks,
Thank you all for this awesome work!
I'm looking for this feature for years now. Last year, I've tried to
rebase the p
This needs a rebase, but after that I expect it to be RfC.
--Jacob
The new status of this patch is: Waiting on Author
nfiguration
>
> PostgresSQL has been configured to listen only on its private IP. To enable
> proxy protocol support `proxy_port` has been configured to `5431` and
> `proxy_servers` to `10.0.0.0/24` <http://10.0.0.0/24>. `log_connections`
> has been turned on to make
> sure
ranch (465ab24296).
* psql client is from postgresql-client-13 from Debian 11 repository.
* HAproxy version used is 2.5.5-1~bpo11+1 installed from
https://haproxy.debian.net
# Configuration
PostgresSQL has been configured to listen only on its private IP. To enable
proxy protocol support `proxy_port
On Wed, Mar 9, 2022 at 5:23 PM Peter Eisentraut
wrote:
>
> A general question on this feature: AFAICT, you can only send the proxy
> header once at the beginning of the connection. So this wouldn't be of
> use for PostgreSQL-protocol connection poolers (pgbouncer, pgpool),
> where the same server
A general question on this feature: AFAICT, you can only send the proxy
header once at the beginning of the connection. So this wouldn't be of
use for PostgreSQL-protocol connection poolers (pgbouncer, pgpool),
where the same server connection can be used for clients from different
source addr
On Tue, Nov 16, 2021 at 12:03 AM Jacob Champion wrote:
>
> On Thu, 2021-11-04 at 12:03 +0100, Magnus Hagander wrote:
> > Thanks for the pointer, PFA a rebase.
>
> I think the Unix socket handling needs the same "success" fix that you
> applied to the TCP socket handling above it:
>
> > @@ -1328,9
On Thu, 2021-11-04 at 12:03 +0100, Magnus Hagander wrote:
> Thanks for the pointer, PFA a rebase.
I think the Unix socket handling needs the same "success" fix that you
applied to the TCP socket handling above it:
> @@ -1328,9 +1364,23 @@ PostmasterMain(int argc, char *argv[])
> e
On Wed, Nov 3, 2021 at 2:36 PM Daniel Gustafsson wrote:
> > On 28 Sep 2021, at 15:23, Magnus Hagander wrote:
> > On Fri, Sep 10, 2021 at 1:44 AM Jacob Champion
> wrote:
>
> >> The TAP test will need to be rebased over the changes in 201a76183e.
> >
> > Done
>
> And now the TAP test will need to
> On 28 Sep 2021, at 15:23, Magnus Hagander wrote:
> On Fri, Sep 10, 2021 at 1:44 AM Jacob Champion wrote:
>> The TAP test will need to be rebased over the changes in 201a76183e.
>
> Done
And now the TAP test will need to be rebased over the changes in
b3b4d8e68ae83f432f43f035c7eb481ef93e1583.
On Fri, Sep 10, 2021 at 1:44 AM Jacob Champion wrote:
>
> On Wed, 2021-09-08 at 18:51 +, Jacob Champion wrote:
> > I still owe you that overall review. Hoping to get to it this week.
>
> And here it is. I focused on things other than UnwrapProxyConnection()
> for this round, since I think that
On Wed, 2021-09-08 at 18:51 +, Jacob Champion wrote:
> I still owe you that overall review. Hoping to get to it this week.
And here it is. I focused on things other than UnwrapProxyConnection()
for this round, since I think that piece is looking solid.
> + if (port->isProxy)
> + {
On Tue, 2021-09-07 at 12:24 +0200, Magnus Hagander wrote:
> On Wed, Jul 14, 2021 at 8:24 PM Jacob Champion wrote:
> > On Mon, 2021-07-12 at 18:28 +0200, Magnus Hagander wrote:
> > > Yeah, I have no problem being stricter than necessary, unless that
> > > actually causes any interop problems. It's
On Wed, Jul 14, 2021 at 8:24 PM Jacob Champion wrote:
>
> On Mon, 2021-07-12 at 18:28 +0200, Magnus Hagander wrote:
> > Yeah, I have no problem being stricter than necessary, unless that
> > actually causes any interop problems. It's a lot worse to not be
> > strict enough..
>
> Agreed. Haven't he
On Mon, 2021-07-12 at 18:28 +0200, Magnus Hagander wrote:
> Yeah, I have no problem being stricter than necessary, unless that
> actually causes any interop problems. It's a lot worse to not be
> strict enough..
Agreed. Haven't heard back from the HAProxy mailing list yet, so
staying strict seems
On Fri, Jul 9, 2021 at 1:42 AM Jacob Champion wrote:
>
> Hi Magnus,
>
> I'm only just starting to page this back into my head, so this is by no
> means a full review of the v7 changes -- just stuff I've noticed over
> the last day or so of poking around.
>
> On Tue, 2021-06-29 at 11:48 +0200, Magn
Hi Magnus,
I'm only just starting to page this back into my head, so this is by no
means a full review of the v7 changes -- just stuff I've noticed over
the last day or so of poking around.
On Tue, 2021-06-29 at 11:48 +0200, Magnus Hagander wrote:
> On Thu, Mar 11, 2021 at 12:05 AM Jacob Champion
On Thu, Mar 11, 2021 at 12:05 AM Jacob Champion wrote:
>
> On Tue, 2021-03-09 at 11:25 +0100, Magnus Hagander wrote:
> > I've also added some trivial tests (man that took an ungodly amount of
> > fighting perl -- it's clearly been a long time since I used perl
> > properly).
>
> Yeah. The tests I'
On Tue, Mar 9, 2021 at 11:25 AM Magnus Hagander wrote:
>
> On Sat, Mar 6, 2021 at 5:30 PM Magnus Hagander wrote:
> >
> > On Sat, Mar 6, 2021 at 4:17 PM Magnus Hagander wrote:
> > >
> > > On Fri, Mar 5, 2021 at 8:11 PM Jacob Champion
> > > wrote:
> > > >
> > > > On Fri, 2021-03-05 at 10:22 +010
On Tue, 2021-03-09 at 11:25 +0100, Magnus Hagander wrote:
> I've also added some trivial tests (man that took an ungodly amount of
> fighting perl -- it's clearly been a long time since I used perl
> properly).
Yeah. The tests I'm writing for this and NSS have been the same way;
it's a real proble
On Sat, Mar 6, 2021 at 5:30 PM Magnus Hagander wrote:
>
> On Sat, Mar 6, 2021 at 4:17 PM Magnus Hagander wrote:
> >
> > On Fri, Mar 5, 2021 at 8:11 PM Jacob Champion wrote:
> > >
> > > On Fri, 2021-03-05 at 10:22 +0100, Magnus Hagander wrote:
> > > > On Fri, Mar 5, 2021 at 12:21 AM Jacob Champio
On Sat, Mar 6, 2021 at 4:17 PM Magnus Hagander wrote:
>
> On Fri, Mar 5, 2021 at 8:11 PM Jacob Champion wrote:
> >
> > On Fri, 2021-03-05 at 10:22 +0100, Magnus Hagander wrote:
> > > On Fri, Mar 5, 2021 at 12:21 AM Jacob Champion
> > > wrote:
> > > > The original-host logging isn't working for
On Fri, Mar 5, 2021 at 8:11 PM Jacob Champion wrote:
>
> On Fri, 2021-03-05 at 10:22 +0100, Magnus Hagander wrote:
> > On Fri, Mar 5, 2021 at 12:21 AM Jacob Champion wrote:
> > > The original-host logging isn't working for me:
> > >
> > > [...]
> >
> > That's interesting -- it works perfectly fin
On Fri, 2021-03-05 at 10:22 +0100, Magnus Hagander wrote:
> On Fri, Mar 5, 2021 at 12:21 AM Jacob Champion wrote:
> > A small nitpick on the current separate-port PoC is that I'm forced to
> > set up a "regular" TCP port, even if I only want the PROXY behavior.
>
> Yeah. I'm not sure there's a go
On 5/3/21 10:03, Magnus Hagander wrote:
> On Fri, Mar 5, 2021 at 1:33 AM Álvaro Hernández wrote:
>>
>>
>> On 5/3/21 0:21, Jacob Champion wrote:
>>> On Thu, 2021-03-04 at 21:45 +0100, Magnus Hagander wrote:
On Thu, Mar 4, 2021 at 9:07 PM Jacob Champion wrote:
> Idle thought I had while
On Fri, Mar 5, 2021 at 12:21 AM Jacob Champion wrote:
>
> On Thu, 2021-03-04 at 21:45 +0100, Magnus Hagander wrote:
> > On Thu, Mar 4, 2021 at 9:07 PM Jacob Champion wrote:
> > > Idle thought I had while setting up a local test rig: Are there any
> > > compelling cases for allowing PROXY packets
On Fri, Mar 5, 2021 at 12:08 AM Tatsuo Ishii wrote:
>
> >> On Thu, 2021-03-04 at 10:42 +0900, Tatsuo Ishii wrote:
> >> > Is there any formal specification for the "a protocol common and very
> >> > light weight in proxies"?
> >>
> >> See
> >>
> >> https://www.haproxy.org/download/1.8/doc/proxy
On Fri, Mar 5, 2021 at 1:33 AM Álvaro Hernández wrote:
>
>
>
> On 5/3/21 0:21, Jacob Champion wrote:
> > On Thu, 2021-03-04 at 21:45 +0100, Magnus Hagander wrote:
> >> On Thu, Mar 4, 2021 at 9:07 PM Jacob Champion wrote:
> >>> Idle thought I had while setting up a local test rig: Are there any
>
On Fri, Mar 5, 2021 at 12:57 AM Hannu Krosing wrote:
>
> The current proposal seems to miss the case of transaction pooling
> (and statement pooling) where the same established connection
> multiplexes transactions / statements from multiple remote clients.
Not at all.
The current proposal is th
On 5/3/21 0:21, Jacob Champion wrote:
> On Thu, 2021-03-04 at 21:45 +0100, Magnus Hagander wrote:
>> On Thu, Mar 4, 2021 at 9:07 PM Jacob Champion wrote:
>>> Idle thought I had while setting up a local test rig: Are there any
>>> compelling cases for allowing PROXY packets to arrive over Unix
>
The current proposal seems to miss the case of transaction pooling
(and statement pooling) where the same established connection
multiplexes transactions / statements from multiple remote clients.
What we would need for that case would be a functionl
pg_set_remote_client_address( be_key, remote_i
On Thu, 2021-03-04 at 21:45 +0100, Magnus Hagander wrote:
> On Thu, Mar 4, 2021 at 9:07 PM Jacob Champion wrote:
> > Idle thought I had while setting up a local test rig: Are there any
> > compelling cases for allowing PROXY packets to arrive over Unix
> > sockets? (By which I mean, the proxy is r
>> On Thu, 2021-03-04 at 10:42 +0900, Tatsuo Ishii wrote:
>> > Is there any formal specification for the "a protocol common and very
>> > light weight in proxies"?
>>
>> See
>>
>> https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
>
> Yeah, it's currently in one of the comments, but sh
On Thu, Mar 4, 2021 at 10:01 PM Jan Wieck wrote:
>
> On 3/4/21 3:40 PM, Magnus Hagander wrote:
> > On Thu, Mar 4, 2021 at 9:29 PM Jan Wieck wrote:
> >> This looks like it would only need a few extra protocol messages to be
> >> understood by the backend. It might be possible to implement that wit
On 3/4/21 3:40 PM, Magnus Hagander wrote:
On Thu, Mar 4, 2021 at 9:29 PM Jan Wieck wrote:
This looks like it would only need a few extra protocol messages to be
understood by the backend. It might be possible to implement that with
the loadable wire protocol extensions proposed here:
https://c
On Thu, Mar 4, 2021 at 8:45 PM Jacob Champion wrote:
>
> On Thu, 2021-03-04 at 10:42 +0900, Tatsuo Ishii wrote:
> > Is there any formal specification for the "a protocol common and very
> > light weight in proxies"?
>
> See
>
> https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
Yeah,
On Thu, Mar 4, 2021 at 9:07 PM Jacob Champion wrote:
>
> On Wed, 2021-03-03 at 10:39 +0100, Magnus Hagander wrote:
> > On Wed, Mar 3, 2021 at 10:00 AM Magnus Hagander wrote:
> > > Another option would of course be to listen on a separate port for it,
> > > which seems to be the "haproxy way". Tha
On Thu, Mar 4, 2021 at 9:29 PM Jan Wieck wrote:
>
> On 3/4/21 2:45 PM, Jacob Champion wrote:
> > On Thu, 2021-03-04 at 10:42 +0900, Tatsuo Ishii wrote:
> >> Is there any formal specification for the "a protocol common and very
> >> light weight in proxies"?
> >
> > See
> >
> > https://www.hap
On 3/4/21 2:45 PM, Jacob Champion wrote:
On Thu, 2021-03-04 at 10:42 +0900, Tatsuo Ishii wrote:
Is there any formal specification for the "a protocol common and very
light weight in proxies"?
See
https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
which is maintained by HAProxy
On Wed, 2021-03-03 at 10:39 +0100, Magnus Hagander wrote:
> On Wed, Mar 3, 2021 at 10:00 AM Magnus Hagander wrote:
> > Another option would of course be to listen on a separate port for it,
> > which seems to be the "haproxy way". That would be slightly more code
> > (we'd still want to keep the c
On Thu, 2021-03-04 at 10:42 +0900, Tatsuo Ishii wrote:
> Is there any formal specification for the "a protocol common and very
> light weight in proxies"?
See
https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
which is maintained by HAProxy Technologies.
--Jacob
> PFA a simple patch that implements support for the PROXY protocol.
>
> This is a protocol common and very light weight in proxies and load
> balancers (haproxy is one common example, but also for example the AWS
> cloud load balancers). Basically this protocol prefixes the normal
> connection w
+10 on this one!
Hosting a farm of read replicas and r/w endpoint behind an HAproxy makes
the powerful pg_hba purpose by hiding the real source address... which is
bad for some environments with strict conformance and audit requirements
Le mar. 2 mars 2021 à 12:43, Magnus Hagander a écrit :
>
On Wed, Mar 3, 2021 at 10:00 AM Magnus Hagander wrote:
>
> On Wed, Mar 3, 2021 at 1:50 AM Jacob Champion wrote:
> >
> > On Tue, 2021-03-02 at 18:43 +0100, Magnus Hagander wrote:
> > > PFA a simple patch that implements support for the PROXY protocol.
> >
> > I'm not all the way through the patch
On Wed, Mar 3, 2021 at 1:50 AM Jacob Champion wrote:
>
> On Tue, 2021-03-02 at 18:43 +0100, Magnus Hagander wrote:
> > PFA a simple patch that implements support for the PROXY protocol.
>
> I'm not all the way through the patch yet, but this part jumped out at
> me:
>
> > + if (memcmp(proxyhea
On Tue, 2021-03-02 at 18:43 +0100, Magnus Hagander wrote:
> PFA a simple patch that implements support for the PROXY protocol.
I'm not all the way through the patch yet, but this part jumped out at
me:
> + if (memcmp(proxyheader.sig,
> "\x0d\x0a\x0d\x0a\x00\x0d\x0a\x51\x55\x49\x54\x0a", size
Hi,
On Tue, 2 Mar 2021 at 14:43, Magnus Hagander wrote:
> PFA a simple patch that implements support for the PROXY protocol.
Nice. I didn't know I needed this. But in hindsight, I would've used
it quite a few times in the past if I could have.
> The implementation adds a parameter named proxy_s
PFA a simple patch that implements support for the PROXY protocol.
This is a protocol common and very light weight in proxies and load
balancers (haproxy is one common example, but also for example the AWS
cloud load balancers). Basically this protocol prefixes the normal
connection with a header
he
> PROXY protocol in MaxScale (proxy) and MariaDB Server in recent
> versions.
>
> My question is, what do you think of this feature? Is it worth to spend
> time implementing it in PostgreSQL or not?
>
> Links:
> - http://www.haproxy.org/download/1.8/doc/proxy-protocol.tx
Is it worth to spend
time implementing it in PostgreSQL or not?
Links:
- http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
- https://mariadb.com/kb/en/library/proxy-protocol-support/
Thanks,
Julien
PS: I've already sent this message to a wrong mailing list. Stephen
Frost said it&#
On May 19, 2019 5:59:04 PM GMT+02:00, Stephen Frost wrote:
>Greetings,
>
>* Julien Riou (jul...@riou.xyz) wrote:
>> Nowadays, PostgreSQL is often used behind proxies. Some are
>PostgreSQL
>> protocol aware (Pgpool, PgBouncer), some are pure TCP (HAProxy). From
>> the database instance point of vie
Greetings,
* Julien Riou (jul...@riou.xyz) wrote:
> Nowadays, PostgreSQL is often used behind proxies. Some are PostgreSQL
> protocol aware (Pgpool, PgBouncer), some are pure TCP (HAProxy). From
> the database instance point of view, all clients come from the proxy.
>
> There are two major proble
ting it in PostgreSQL or not?
Links:
- http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
- https://mariadb.com/kb/en/library/proxy-protocol-support/
Thanks,
Julien
PS: I've already sent this message to a wrong mailing list. Stephen
Frost said it's implemented in pgbouncer but all I
53 matches
Mail list logo
