Forum Discussion

Darren_Walker_2's avatar
Darren_Walker_2
Icon for Cirrus rankCirrus
Jul 24, 2018

Proxy Protocol: How to implement via irule

We are trying to implement proxy protocol (for use with RabbitMQ AMQP) and have this irule: when CLIENT_ACCEPTED{ set proxyheader "PROXY TCP[IP::version] [IP::remote_addr] [IP::local_addr] [TC...
application delivery
iRules
LTM
  • Darren_Walker_2's avatar
    Darren_Walker_2
    Jul 26, 2018

    After restarting the BIGIP we are no longer receiving the operation not supported error.

     

Darren_Walker_2's avatar
Darren_Walker_2
Icon for Cirrus rankCirrus
Oct 10, 2018

This is how we configured rabbitmq.conf to get it working:

listeners.ssl.default = 5671
proxy_protocol = true
ssl_options.cacertfile = /path/to/cacert.pem
ssl_options.certfile = /path/to/cert.pem
ssl_options.keyfile = /path/to/key.pem
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = false
ssl_options.depth = 3
ssl_options.versions.1 = tlsv1.2
auth_mechanisms.1 = PLAIN
auth_mechanisms.2 = AMQPLAIN
auth_mechanisms.3 = EXTERNAL

On the F5 appliance, create an iRule with the following contents:

when CLIENT_ACCEPTED {
set proxyheader "PROXY TCP[IP::version] [IP::remote_addr] [IP::local_addr] [TCP::remote_port] [TCP::local_port]\r\n"
} 
when SERVER_CONNECTED {TCP::respond $proxyheader}