On 7/28/22 22:05, Jacob Champion wrote:
This needs a rebase, but after that I expect it to be RfC.
--Jacob
The new status of this patch is: Waiting on Author
Hello folks,
Thank you all for this awesome work!
I'm looking for this feature for years now. Last year, I've tried to
rebase the p
This needs a rebase, but after that I expect it to be RfC.
--Jacob
The new status of this patch is: Waiting on Author
On Sat, Apr 2, 2022 at 12:17 AM wilfried roset
wrote:
> Hi,
>
> I've been able to test the patch. Here is a recap of the experimentation.
>
> # Setup
>
> All tests have been done witch 3 VMs (PostgreSQL, HAproxy, psql client) on
> Debian 11 communicating over private network.
> * PostgreSQL have
Hi,
I've been able to test the patch. Here is a recap of the experimentation.
# Setup
All tests have been done witch 3 VMs (PostgreSQL, HAproxy, psql client) on
Debian 11 communicating over private network.
* PostgreSQL have been built with proxy_protocol_11.patch applied on master
branch (465a
On Wed, Mar 9, 2022 at 5:23 PM Peter Eisentraut
wrote:
>
> A general question on this feature: AFAICT, you can only send the proxy
> header once at the beginning of the connection. So this wouldn't be of
> use for PostgreSQL-protocol connection poolers (pgbouncer, pgpool),
> where the same server
A general question on this feature: AFAICT, you can only send the proxy
header once at the beginning of the connection. So this wouldn't be of
use for PostgreSQL-protocol connection poolers (pgbouncer, pgpool),
where the same server connection can be used for clients from different
source addr
On Tue, Nov 16, 2021 at 12:03 AM Jacob Champion wrote:
>
> On Thu, 2021-11-04 at 12:03 +0100, Magnus Hagander wrote:
> > Thanks for the pointer, PFA a rebase.
>
> I think the Unix socket handling needs the same "success" fix that you
> applied to the TCP socket handling above it:
>
> > @@ -1328,9
On Thu, 2021-11-04 at 12:03 +0100, Magnus Hagander wrote:
> Thanks for the pointer, PFA a rebase.
I think the Unix socket handling needs the same "success" fix that you
applied to the TCP socket handling above it:
> @@ -1328,9 +1364,23 @@ PostmasterMain(int argc, char *argv[])
> e
On Wed, Nov 3, 2021 at 2:36 PM Daniel Gustafsson wrote:
> > On 28 Sep 2021, at 15:23, Magnus Hagander wrote:
> > On Fri, Sep 10, 2021 at 1:44 AM Jacob Champion
> wrote:
>
> >> The TAP test will need to be rebased over the changes in 201a76183e.
> >
> > Done
>
> And now the TAP test will need to
> On 28 Sep 2021, at 15:23, Magnus Hagander wrote:
> On Fri, Sep 10, 2021 at 1:44 AM Jacob Champion wrote:
>> The TAP test will need to be rebased over the changes in 201a76183e.
>
> Done
And now the TAP test will need to be rebased over the changes in
b3b4d8e68ae83f432f43f035c7eb481ef93e1583.
On Fri, Sep 10, 2021 at 1:44 AM Jacob Champion wrote:
>
> On Wed, 2021-09-08 at 18:51 +, Jacob Champion wrote:
> > I still owe you that overall review. Hoping to get to it this week.
>
> And here it is. I focused on things other than UnwrapProxyConnection()
> for this round, since I think that
On Wed, 2021-09-08 at 18:51 +, Jacob Champion wrote:
> I still owe you that overall review. Hoping to get to it this week.
And here it is. I focused on things other than UnwrapProxyConnection()
for this round, since I think that piece is looking solid.
> + if (port->isProxy)
> + {
On Tue, 2021-09-07 at 12:24 +0200, Magnus Hagander wrote:
> On Wed, Jul 14, 2021 at 8:24 PM Jacob Champion wrote:
> > On Mon, 2021-07-12 at 18:28 +0200, Magnus Hagander wrote:
> > > Yeah, I have no problem being stricter than necessary, unless that
> > > actually causes any interop problems. It's
On Wed, Jul 14, 2021 at 8:24 PM Jacob Champion wrote:
>
> On Mon, 2021-07-12 at 18:28 +0200, Magnus Hagander wrote:
> > Yeah, I have no problem being stricter than necessary, unless that
> > actually causes any interop problems. It's a lot worse to not be
> > strict enough..
>
> Agreed. Haven't he
On Mon, 2021-07-12 at 18:28 +0200, Magnus Hagander wrote:
> Yeah, I have no problem being stricter than necessary, unless that
> actually causes any interop problems. It's a lot worse to not be
> strict enough..
Agreed. Haven't heard back from the HAProxy mailing list yet, so
staying strict seems
On Fri, Jul 9, 2021 at 1:42 AM Jacob Champion wrote:
>
> Hi Magnus,
>
> I'm only just starting to page this back into my head, so this is by no
> means a full review of the v7 changes -- just stuff I've noticed over
> the last day or so of poking around.
>
> On Tue, 2021-06-29 at 11:48 +0200, Magn
Hi Magnus,
I'm only just starting to page this back into my head, so this is by no
means a full review of the v7 changes -- just stuff I've noticed over
the last day or so of poking around.
On Tue, 2021-06-29 at 11:48 +0200, Magnus Hagander wrote:
> On Thu, Mar 11, 2021 at 12:05 AM Jacob Champion
On Thu, Mar 11, 2021 at 12:05 AM Jacob Champion wrote:
>
> On Tue, 2021-03-09 at 11:25 +0100, Magnus Hagander wrote:
> > I've also added some trivial tests (man that took an ungodly amount of
> > fighting perl -- it's clearly been a long time since I used perl
> > properly).
>
> Yeah. The tests I'
On Tue, Mar 9, 2021 at 11:25 AM Magnus Hagander wrote:
>
> On Sat, Mar 6, 2021 at 5:30 PM Magnus Hagander wrote:
> >
> > On Sat, Mar 6, 2021 at 4:17 PM Magnus Hagander wrote:
> > >
> > > On Fri, Mar 5, 2021 at 8:11 PM Jacob Champion
> > > wrote:
> > > >
> > > > On Fri, 2021-03-05 at 10:22 +010
On Tue, 2021-03-09 at 11:25 +0100, Magnus Hagander wrote:
> I've also added some trivial tests (man that took an ungodly amount of
> fighting perl -- it's clearly been a long time since I used perl
> properly).
Yeah. The tests I'm writing for this and NSS have been the same way;
it's a real proble
On Sat, Mar 6, 2021 at 5:30 PM Magnus Hagander wrote:
>
> On Sat, Mar 6, 2021 at 4:17 PM Magnus Hagander wrote:
> >
> > On Fri, Mar 5, 2021 at 8:11 PM Jacob Champion wrote:
> > >
> > > On Fri, 2021-03-05 at 10:22 +0100, Magnus Hagander wrote:
> > > > On Fri, Mar 5, 2021 at 12:21 AM Jacob Champio
On Sat, Mar 6, 2021 at 4:17 PM Magnus Hagander wrote:
>
> On Fri, Mar 5, 2021 at 8:11 PM Jacob Champion wrote:
> >
> > On Fri, 2021-03-05 at 10:22 +0100, Magnus Hagander wrote:
> > > On Fri, Mar 5, 2021 at 12:21 AM Jacob Champion
> > > wrote:
> > > > The original-host logging isn't working for
On Fri, Mar 5, 2021 at 8:11 PM Jacob Champion wrote:
>
> On Fri, 2021-03-05 at 10:22 +0100, Magnus Hagander wrote:
> > On Fri, Mar 5, 2021 at 12:21 AM Jacob Champion wrote:
> > > The original-host logging isn't working for me:
> > >
> > > [...]
> >
> > That's interesting -- it works perfectly fin
On Fri, 2021-03-05 at 10:22 +0100, Magnus Hagander wrote:
> On Fri, Mar 5, 2021 at 12:21 AM Jacob Champion wrote:
> > A small nitpick on the current separate-port PoC is that I'm forced to
> > set up a "regular" TCP port, even if I only want the PROXY behavior.
>
> Yeah. I'm not sure there's a go
On 5/3/21 10:03, Magnus Hagander wrote:
> On Fri, Mar 5, 2021 at 1:33 AM Álvaro Hernández wrote:
>>
>>
>> On 5/3/21 0:21, Jacob Champion wrote:
>>> On Thu, 2021-03-04 at 21:45 +0100, Magnus Hagander wrote:
On Thu, Mar 4, 2021 at 9:07 PM Jacob Champion wrote:
> Idle thought I had while
On Fri, Mar 5, 2021 at 12:21 AM Jacob Champion wrote:
>
> On Thu, 2021-03-04 at 21:45 +0100, Magnus Hagander wrote:
> > On Thu, Mar 4, 2021 at 9:07 PM Jacob Champion wrote:
> > > Idle thought I had while setting up a local test rig: Are there any
> > > compelling cases for allowing PROXY packets
On Fri, Mar 5, 2021 at 12:08 AM Tatsuo Ishii wrote:
>
> >> On Thu, 2021-03-04 at 10:42 +0900, Tatsuo Ishii wrote:
> >> > Is there any formal specification for the "a protocol common and very
> >> > light weight in proxies"?
> >>
> >> See
> >>
> >> https://www.haproxy.org/download/1.8/doc/proxy
On Fri, Mar 5, 2021 at 1:33 AM Álvaro Hernández wrote:
>
>
>
> On 5/3/21 0:21, Jacob Champion wrote:
> > On Thu, 2021-03-04 at 21:45 +0100, Magnus Hagander wrote:
> >> On Thu, Mar 4, 2021 at 9:07 PM Jacob Champion wrote:
> >>> Idle thought I had while setting up a local test rig: Are there any
>
On Fri, Mar 5, 2021 at 12:57 AM Hannu Krosing wrote:
>
> The current proposal seems to miss the case of transaction pooling
> (and statement pooling) where the same established connection
> multiplexes transactions / statements from multiple remote clients.
Not at all.
The current proposal is th
On 5/3/21 0:21, Jacob Champion wrote:
> On Thu, 2021-03-04 at 21:45 +0100, Magnus Hagander wrote:
>> On Thu, Mar 4, 2021 at 9:07 PM Jacob Champion wrote:
>>> Idle thought I had while setting up a local test rig: Are there any
>>> compelling cases for allowing PROXY packets to arrive over Unix
>
The current proposal seems to miss the case of transaction pooling
(and statement pooling) where the same established connection
multiplexes transactions / statements from multiple remote clients.
What we would need for that case would be a functionl
pg_set_remote_client_address( be_key, remote_i
On Thu, 2021-03-04 at 21:45 +0100, Magnus Hagander wrote:
> On Thu, Mar 4, 2021 at 9:07 PM Jacob Champion wrote:
> > Idle thought I had while setting up a local test rig: Are there any
> > compelling cases for allowing PROXY packets to arrive over Unix
> > sockets? (By which I mean, the proxy is r
>> On Thu, 2021-03-04 at 10:42 +0900, Tatsuo Ishii wrote:
>> > Is there any formal specification for the "a protocol common and very
>> > light weight in proxies"?
>>
>> See
>>
>> https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
>
> Yeah, it's currently in one of the comments, but sh
On Thu, Mar 4, 2021 at 10:01 PM Jan Wieck wrote:
>
> On 3/4/21 3:40 PM, Magnus Hagander wrote:
> > On Thu, Mar 4, 2021 at 9:29 PM Jan Wieck wrote:
> >> This looks like it would only need a few extra protocol messages to be
> >> understood by the backend. It might be possible to implement that wit
On 3/4/21 3:40 PM, Magnus Hagander wrote:
On Thu, Mar 4, 2021 at 9:29 PM Jan Wieck wrote:
This looks like it would only need a few extra protocol messages to be
understood by the backend. It might be possible to implement that with
the loadable wire protocol extensions proposed here:
https://c
On Thu, Mar 4, 2021 at 8:45 PM Jacob Champion wrote:
>
> On Thu, 2021-03-04 at 10:42 +0900, Tatsuo Ishii wrote:
> > Is there any formal specification for the "a protocol common and very
> > light weight in proxies"?
>
> See
>
> https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
Yeah,
On Thu, Mar 4, 2021 at 9:07 PM Jacob Champion wrote:
>
> On Wed, 2021-03-03 at 10:39 +0100, Magnus Hagander wrote:
> > On Wed, Mar 3, 2021 at 10:00 AM Magnus Hagander wrote:
> > > Another option would of course be to listen on a separate port for it,
> > > which seems to be the "haproxy way". Tha
On Thu, Mar 4, 2021 at 9:29 PM Jan Wieck wrote:
>
> On 3/4/21 2:45 PM, Jacob Champion wrote:
> > On Thu, 2021-03-04 at 10:42 +0900, Tatsuo Ishii wrote:
> >> Is there any formal specification for the "a protocol common and very
> >> light weight in proxies"?
> >
> > See
> >
> > https://www.hap
On 3/4/21 2:45 PM, Jacob Champion wrote:
On Thu, 2021-03-04 at 10:42 +0900, Tatsuo Ishii wrote:
Is there any formal specification for the "a protocol common and very
light weight in proxies"?
See
https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
which is maintained by HAProxy
On Wed, 2021-03-03 at 10:39 +0100, Magnus Hagander wrote:
> On Wed, Mar 3, 2021 at 10:00 AM Magnus Hagander wrote:
> > Another option would of course be to listen on a separate port for it,
> > which seems to be the "haproxy way". That would be slightly more code
> > (we'd still want to keep the c
On Thu, 2021-03-04 at 10:42 +0900, Tatsuo Ishii wrote:
> Is there any formal specification for the "a protocol common and very
> light weight in proxies"?
See
https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
which is maintained by HAProxy Technologies.
--Jacob
> PFA a simple patch that implements support for the PROXY protocol.
>
> This is a protocol common and very light weight in proxies and load
> balancers (haproxy is one common example, but also for example the AWS
> cloud load balancers). Basically this protocol prefixes the normal
> connection w
+10 on this one!
Hosting a farm of read replicas and r/w endpoint behind an HAproxy makes
the powerful pg_hba purpose by hiding the real source address... which is
bad for some environments with strict conformance and audit requirements
Le mar. 2 mars 2021 à 12:43, Magnus Hagander a écrit :
>
On Wed, Mar 3, 2021 at 10:00 AM Magnus Hagander wrote:
>
> On Wed, Mar 3, 2021 at 1:50 AM Jacob Champion wrote:
> >
> > On Tue, 2021-03-02 at 18:43 +0100, Magnus Hagander wrote:
> > > PFA a simple patch that implements support for the PROXY protocol.
> >
> > I'm not all the way through the patch
On Wed, Mar 3, 2021 at 1:50 AM Jacob Champion wrote:
>
> On Tue, 2021-03-02 at 18:43 +0100, Magnus Hagander wrote:
> > PFA a simple patch that implements support for the PROXY protocol.
>
> I'm not all the way through the patch yet, but this part jumped out at
> me:
>
> > + if (memcmp(proxyhea
On Tue, 2021-03-02 at 18:43 +0100, Magnus Hagander wrote:
> PFA a simple patch that implements support for the PROXY protocol.
I'm not all the way through the patch yet, but this part jumped out at
me:
> + if (memcmp(proxyheader.sig,
> "\x0d\x0a\x0d\x0a\x00\x0d\x0a\x51\x55\x49\x54\x0a", size
Hi,
On Tue, 2 Mar 2021 at 14:43, Magnus Hagander wrote:
> PFA a simple patch that implements support for the PROXY protocol.
Nice. I didn't know I needed this. But in hindsight, I would've used
it quite a few times in the past if I could have.
> The implementation adds a parameter named proxy_s
+1 on this one...
MySQL and derivatives support it very well.. it is a standard that can be
used with either haproxy or better, ProxySQL.
Would be nice to have it in core.
It is a show stopper for us to use proxying because of compliance and
tracability reasons.
Le dim. 19 mai 2019 11:36 AM,
On 19.05.2019 18:36, Julien Riou wrote:
Hello,
Nowadays, PostgreSQL is often used behind proxies. Some are PostgreSQL
protocol aware (Pgpool, PgBouncer), some are pure TCP (HAProxy). From
the database instance point of view, all clients come from the proxy.
There are two major problems with
On May 19, 2019 5:59:04 PM GMT+02:00, Stephen Frost wrote:
>Greetings,
>
>* Julien Riou (jul...@riou.xyz) wrote:
>> Nowadays, PostgreSQL is often used behind proxies. Some are
>PostgreSQL
>> protocol aware (Pgpool, PgBouncer), some are pure TCP (HAProxy). From
>> the database instance point of vie
Greetings,
* Julien Riou (jul...@riou.xyz) wrote:
> Nowadays, PostgreSQL is often used behind proxies. Some are PostgreSQL
> protocol aware (Pgpool, PgBouncer), some are pure TCP (HAProxy). From
> the database instance point of view, all clients come from the proxy.
>
> There are two major proble
51 matches
Mail list logo
