Extend the config, database schema, and server internals to support per-route L4/L7 mode selection and PROXY protocol fields. This is the foundation for L7 HTTP/2 reverse proxying and multi-hop PROXY protocol support described in the updated ARCHITECTURE.md.

Config: Listener gains ProxyProtocol; Route gains Mode, TLSCert, TLSKey, BackendTLS, SendProxyProtocol. L7 routes validated at load time (cert/key pair must exist and parse). Mode defaults to "l4".

DB: Migration v2 adds columns to listeners and routes tables. CRUD and seeding updated to persist all new fields.

Server: RouteInfo replaces bare backend string in route lookup. handleConn dispatches on route.Mode (L7 path stubbed with error). ListenerState and ListenerData carry ProxyProtocol flag.

All existing L4 tests pass unchanged. New tests cover migration v2, L7 field persistence, config validation for mode/cert/key, and proxy_protocol flag round-tripping.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2.9 KiB
PROGRESS.md
Tracks implementation status against PROJECT_PLAN.md. Updated as work proceeds. Each item is marked:
- [ ] not started
- [~] in progress
- [x] complete
- [—] skipped (with reason)
Phase 1: Database & Config Foundation
- 1.1 Config struct updates (Listener.ProxyProtocol, Route.Mode/TLSCert/TLSKey/BackendTLS/SendProxyProtocol)
- 1.2 Config validation updates (L7 requires cert/key, mode enum, cert/key pair loading)
- 1.3 Database migration v2 (new columns on listeners and routes)
- 1.4 DB struct and CRUD updates (new fields in Listener, Route, all queries)
- 1.5 Server data loading (RouteInfo struct replaces bare backend string in route lookup)
- 1.6 Tests (config, DB migration, CRUD, server unchanged)
Phase 2: PROXY Protocol
- 2.1 internal/proxyproto/ package (v1/v2 parser, v2 writer)
- 2.2 Server integration — receive (parse PROXY header before firewall on enabled listeners)
- 2.3 Server integration — send on L4 (write PROXY v2 header before ClientHello on enabled routes)
- 2.4 Tests (receive, send, firewall uses real IP, malformed header rejection)
Phase 3: L7 Proxying
- 3.1 internal/l7/ package (PrefixConn, HTTP/2 reverse proxy with h2c, Serve entry point)
- 3.2 Server integration (dispatch to L4 or L7 based on route.Mode in handleConn)
- 3.3 PROXY protocol sending in L7 path
- 3.4 Tests (TLS termination, h2c backend, re-encrypt, mixed L4/L7 listener, gRPC through L7)
Phase 4: gRPC API & CLI Updates
- 4.1 Proto updates (new fields on Route, AddRouteRequest, ListenerStatus)
- 4.2 gRPC server updates (accept/validate/persist new route fields)
- 4.3 Client package updates (new fields on Route, ListenerStatus)
- 4.4 mcproxyctl updates (flags for routes add, display in routes list)
- 4.5 Tests (gRPC round-trip with new fields, backward compatibility)
Phase 5: Integration & Polish
- 5.1 Dev config update (srv/mc-proxy.toml with L7 routes, test certs)
- 5.2 Multi-hop integration test (edge→origin via PROXY protocol)
- 5.3 gRPC-through-L7 validation (unary, streaming, trailers, deadlines)
- 5.4 Web UI through L7 validation (HTTP/1.1, HTTP/2, static assets)
- 5.5 Documentation (verify ARCHITECTURE.md, CLAUDE.md, Makefile)
Current State
The codebase is L4-only. All existing functionality is working and tested:
- SNI extraction and raw TCP relay
- Global firewall (IP, CIDR, GeoIP country blocking, per-IP rate limiting)
- SQLite persistence with write-through pattern
- gRPC admin API (Unix socket) for route and firewall CRUD
- CLI tools (mc-proxy server/status/snapshot, mcproxyctl)
- make all passes (vet, lint, test, build)
ARCHITECTURE.md and CLAUDE.md have been updated to describe the target state. PROJECT_PLAN.md describes the implementation path. This file tracks progress.