Add PROXY support

cmd/go-away/main.go

@@ -11,6 +11,7 @@ import (
 	"git.gammaspectra.live/git/go-away/lib"
 	"git.gammaspectra.live/git/go-away/lib/policy"
 	"git.gammaspectra.live/git/go-away/utils"
+	"github.com/pires/go-proxyproto"
 	"golang.org/x/crypto/acme"
 	"golang.org/x/crypto/acme/autocert"
 	"golang.org/x/net/http2"
@@ -30,7 +31,7 @@ import (
 	"time"
 )
 
-func setupListener(network, address, socketMode string) (net.Listener, string) {
+func setupListener(network, address, socketMode string, proxy bool) (net.Listener, string) {
 	formattedAddress := ""
 	switch network {
 	case "unix":
@@ -61,6 +62,14 @@ func setupListener(network, address, socketMode string) (net.Listener, string) {
 		}
 	}
 
+	if proxy {
+		slog.Warn("listener PROXY enabled")
+		formattedAddress += " +PROXY"
+		listener = &proxyproto.Listener{
+			Listener: listener,
+		}
+	}
+
 	return listener, formattedAddress
 }
 
@@ -130,6 +139,7 @@ func newACMEManager(clientDirectory string, backends map[string]http.Handler) *a
 func main() {
 	bind := flag.String("bind", ":8080", "network address to bind HTTP/HTTP(s) to")
 	bindNetwork := flag.String("bind-network", "tcp", "network family to bind HTTP to, e.g. unix, tcp")
+	bindProxy := flag.Bool("bind-proxy", false, "use PROXY protocol in front of the listener")
 	socketMode := flag.String("socket-mode", "0770", "socket mode (permissions) for unix domain sockets.")
 
 	slogLevel := flag.String("slog-level", "WARN", "logging level (see https://pkg.go.dev/log/slog#hdr-Levels)")
@@ -288,7 +298,7 @@ func main() {
 				backend.ServeHTTP(w, r)
 			}), acmeManager)
 
-			listener, listenUrl := setupListener(*bindNetwork, *bind, *socketMode)
+			listener, listenUrl := setupListener(*bindNetwork, *bind, *socketMode, *bindProxy)
 			slog.Warn(
 				"listening passthrough",
 				"url", listenUrl,
@@ -346,7 +356,7 @@ func main() {
 	cancelFunc()
 	wg.Wait()
 
-	listener, listenUrl := setupListener(*bindNetwork, *bind, *socketMode)
+	listener, listenUrl := setupListener(*bindNetwork, *bind, *socketMode, *bindProxy)
 	slog.Warn(
 		"listening",
 		"url", listenUrl,

go.mod

@@ -11,8 +11,10 @@ require (
 	github.com/google/cel-go v0.24.1
 	github.com/itchyny/gojq v0.12.17
 	github.com/klauspost/compress v1.18.0
+	github.com/pires/go-proxyproto v0.8.0
 	github.com/tetratelabs/wazero v1.9.0
 	github.com/yl2chen/cidranger v1.0.2
+	golang.org/x/crypto v0.33.0
 	golang.org/x/net v0.35.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -23,7 +25,6 @@ require (
 	github.com/itchyny/timefmt-go v0.1.6 // indirect
 	github.com/kevinpollet/nego v0.0.0-20211010160919-a65cd48cee43 // indirect
 	github.com/stoewer/go-strcase v1.3.0 // indirect
-	golang.org/x/crypto v0.33.0 // indirect
 	golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac // indirect
 	golang.org/x/text v0.22.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7 // indirect

go.sum

@@ -23,6 +23,8 @@ github.com/kevinpollet/nego v0.0.0-20211010160919-a65cd48cee43 h1:Pdirg1gwhEcGjM
 github.com/kevinpollet/nego v0.0.0-20211010160919-a65cd48cee43/go.mod h1:ahLMuLCUyDdXqtqGyuwGev7/PGtO7r7ocvdwDuEN/3E=
 github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
 github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
+github.com/pires/go-proxyproto v0.8.0 h1:5unRmEAPbHXHuLjDg01CxJWf91cw3lKHc/0xzKpXEe0=
+github.com/pires/go-proxyproto v0.8.0/go.mod h1:iknsfgnH8EkjrMeMyvfKByp9TiBZCKZM0jx2xmKqnVY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs=