go-mmproxy icon indicating copy to clipboard operation
go-mmproxy copied to clipboard
verified publisher icon path-network

failed to parse PROXY header

Open dandreossi opened this issue 2 years ago • 7 comments

I run go-mmproxy with this command

sudo /root/go/bin/go-mmproxy -l 0.0.0.0:22 -4 xxx.xxx.xxx.xxx:22 -v 2

As I want to proxy an ssh connection to the xxx.xxx.xxx.xxx server.

But when i try to connect I get

{"time":"2024-01-17T01:58:54.966455461+01:00","level":"DEBUG","msg":"failed to parse PROXY header","listenerNum":0,"protocol":"tcp","listenAdr":"0.0.0.0:22","remoteAddr":"aa.aa.aa.aa:35100","localAddr":"bb.bb.bb.bb:22","error":"PROXY header missing","dropConnection":true}

I'm missing something?

dandreossi avatar Jan 17 '24 01:01 dandreossi

same here.

poptree avatar Mar 10 '24 16:03 poptree

i got the same error , any workaround or did i miss something here

"msg":"failed to read PROXY header","listenerNum":0,"protocol":"tcp","listenAdr":"0.0.0.0:5522","remoteAddr":"xx.xx.xx.xx:53422","localAddr":"yy.yy.yy.yy:5522","error":"EOF","dropConnection":true

@majst01 , @stargo ,can you please provide your insights on this

aketia00 avatar Mar 14 '24 11:03 aketia00

Did you connect to the load balancer or this proxy directly? If you bypass the load balancer, then the header won't be attached. PROXY header missing, as per this issue description, means that no header with source info was added before getting to go-mmproxy.

Could also be that send-proxy wasn't enabled on the load balancer, which tells it to add the info.

colans avatar Sep 09 '24 15:09 colans

I connect directly to the Proxy

dandreossi avatar Sep 18 '24 13:09 dandreossi

The flow needs to be:

  1. Load balancer or other proxy that adds the Proxy Protocol header (send-proxy or send-proxy-v2)
  2. go-mmproxy
  3. Your back-end service that doesn't support Proxy Protocol on its own.

If you bypass step 1, go-mmproxy doesn't get the header info it needs.

colans avatar Sep 18 '24 23:09 colans

To add more to colans's anwser: https://github.com/path-network/go-mmproxy/issues/29#issuecomment-2359609503

Load balancer example:

haproxy, backend:
        server 127.0.0.1:12345 send-proxy
haproxy, backend:
        server 127.0.0.1:12345 send-proxy-v2
nginx, in some block:
        proxy_protocol on; proxy_pass 127.0.0.1:12345;

Connection flow: incoming connection to server --> Load balancer (adding proxy protocol) --> go-mmproxy --> back-end service

simplerick-simplefun avatar Apr 25 '25 19:04 simplerick-simplefun

I have same error but with latest nginx/angie

On LB server (192.168.100.53) nginx config:

stream{
    server {
        listen     11153 udp;
        proxy_pass 192.168.100.55:5353;
        proxy_responses 1;
        proxy_protocol on;
        proxy_timeout 5s;
        proxy_connect_timeout 3s;
    }
}

on dns server (192.168.100.55) with go-mmproxy and AdGuard

/usr/local/bin/go-mmproxy -l 0.0.0.0:5353 -4 127.0.0.1:15353 -p udp -v 2

AdGuard runs on 127.0.0.1:15353

in go-mmproxy i've got this error when make dig command dig @192.168.100.53 -p11153 google.com A:

{"time":"2025-05-01T01:54:31.06979406Z","level":"DEBUG","msg":"failed to parse PROXY header","listenerNum":0,"protocol":"udp","listenAddr":"0.0.0.0:5353","error":"PROXY header missing","remoteAddr":"192.168.100.53:53232"}

On DNS server i've added route as described in readme:

ip rule add from 127.0.0.1/8 iif lo table 123
ip route add local 0.0.0.0/0 dev lo table 123

What i missed?

ergoz avatar May 01 '25 02:05 ergoz