I’ve been trying to work out if Squid can inject a proxy protocol to down stream destinations… hopefully proxy protocol version 2 .
The scenario is as follows:
Server — CONNECT request + out of bound request ID in HTTP header —> ELB on 3128 added proxy protocol v1 with Server’s IP details —> SQUID extracts proxy protocol v1 to get Server’s IP details, extracts request ID, processes CONNECT request, injects proxy-protocol v2 in front of CONNECT TLS stream with either PP2_TYPE_NETNS TLV populated with request ID or better yet a custom TLV with the same info —> Reverse Proxy that accepts proxy-protocol v2.
The main aim of the game is to:
* be able to log as much detail as each hop to allow for correlation of logs through the infrastructure. Especially since the TLS is end to end between Server and Reverse Proxy.
* give the Reverse Proxy as much detail about the origin of the request.
I’ve been able to find that SQUID can accept the proxy protocol from the ELB… I’m curious as to whether or not the proxy protocol and TLV (NETNS or another) can be set?