Merge pull request #262 from thingsboard/proxy-protocol

Enable/disable proxy protocol per MQTT listener

Author: dmytro-landiak

application/src/main/java/org/thingsboard/mqtt/broker/server/AbstractMqttChannelInitializer.java

@@ -29,6 +29,8 @@
 import org.thingsboard.mqtt.broker.server.ip.ProxyIpAddressHandler;
 import org.thingsboard.mqtt.broker.server.traffic.DuplexTrafficHandler;
 
+import java.util.Objects;
+
 @Slf4j
 @Getter
 public abstract class AbstractMqttChannelInitializer extends ChannelInitializer<SocketChannel> implements MqttChannelInitializer {
@@ -38,7 +40,7 @@ public abstract class AbstractMqttChannelInitializer extends ChannelInitializer<
     @Value("${historical-data-report.enabled:true}")
     private boolean historicalDataReportEnabled;
     @Value("${listener.proxy_enabled:false}")
-    private boolean proxyProtocolEnabled;
+    private boolean globalProxyProtocolEnabled;
 
     protected final MqttHandlerFactory handlerFactory;
 
@@ -50,7 +52,7 @@ public AbstractMqttChannelInitializer(MqttHandlerFactory handlerFactory) {
     public void initChannel(SocketChannel ch) {
         ChannelPipeline pipeline = ch.pipeline();
 
-        if (proxyProtocolEnabled) {
+        if (isProxyProtocolEnabled()) {
             pipeline.addLast("proxy", new HAProxyMessageDecoder());
             pipeline.addLast("ipAdrHandler", new ProxyIpAddressHandler());
         } else {
@@ -85,4 +87,8 @@ protected void constructWsPipeline(SocketChannel ch) {
 
     }
 
+    private boolean isProxyProtocolEnabled() {
+        return Objects.requireNonNullElseGet(isListenerProxyProtocolEnabled(), () -> globalProxyProtocolEnabled);
+    }
+
 }

application/src/main/java/org/thingsboard/mqtt/broker/server/MqttChannelInitializer.java

@@ -29,4 +29,5 @@ default SslHandler getSslHandler() {
         return null;
     }
 
+    Boolean isListenerProxyProtocolEnabled();
 }

application/src/main/java/org/thingsboard/mqtt/broker/server/tcp/MqttTcpChannelInitializer.java

@@ -52,4 +52,8 @@ public String getChannelInitializerName() {
         return BrokerConstants.TCP;
     }
 
+    @Override
+    public Boolean isListenerProxyProtocolEnabled() {
+        return context.getListenerProxyProtocolEnabled();
+    }
 }

application/src/main/java/org/thingsboard/mqtt/broker/server/tcp/MqttTcpServerContext.java

@@ -20,9 +20,13 @@
 import org.springframework.stereotype.Component;
 
 @Component
+@Getter
 public class MqttTcpServerContext {
 
-    @Getter
     @Value("${listener.tcp.netty.max_payload_size}")
     private int maxPayloadSize;
+
+    @Value("${listener.tcp.proxy_enabled:}")
+    private Boolean listenerProxyProtocolEnabled;
+
 }

application/src/main/java/org/thingsboard/mqtt/broker/server/tls/MqttSslChannelInitializer.java

@@ -20,7 +20,6 @@
 import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import org.thingsboard.mqtt.broker.common.data.BrokerConstants;
 import org.thingsboard.mqtt.broker.server.AbstractMqttChannelInitializer;
@@ -34,9 +33,6 @@ public class MqttSslChannelInitializer extends AbstractMqttChannelInitializer {
 
     private final MqttSslServerContext context;
 
-    @Value("${listener.ssl.config.enabled_cipher_suites}")
-    private String[] enabledCipherSuites;
-
     public MqttSslChannelInitializer(MqttHandlerFactory handlerFactory, MqttSslServerContext context) {
         super(handlerFactory);
         this.context = context;
@@ -59,7 +55,11 @@ public String getChannelInitializerName() {
 
     @Override
     public SslHandler getSslHandler() {
-        return context.getSslHandlerProvider().getSslHandler(enabledCipherSuites, handlerFactory.getClientAuthType());
+        return context.getSslHandlerProvider().getSslHandler(context.getEnabledCipherSuites(), handlerFactory.getClientAuthType());
     }
 
+    @Override
+    public Boolean isListenerProxyProtocolEnabled() {
+        return context.getListenerProxyProtocolEnabled();
+    }
 }

application/src/main/java/org/thingsboard/mqtt/broker/server/tls/MqttSslServerContext.java

@@ -29,4 +29,11 @@ public class MqttSslServerContext {
 
     @Value("${listener.ssl.netty.max_payload_size}")
     private int maxPayloadSize;
+
+    @Value("${listener.ssl.proxy_enabled:}")
+    private Boolean listenerProxyProtocolEnabled;
+
+    @Value("${listener.ssl.config.enabled_cipher_suites}")
+    private String[] enabledCipherSuites;
+
 }

application/src/main/java/org/thingsboard/mqtt/broker/server/ws/MqttWsChannelInitializer.java

@@ -19,7 +19,6 @@
 import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import org.thingsboard.mqtt.broker.common.data.BrokerConstants;
 import org.thingsboard.mqtt.broker.server.AbstractMqttWsChannelInitializer;
@@ -31,22 +30,35 @@
 @Getter
 public class MqttWsChannelInitializer extends AbstractMqttWsChannelInitializer {
 
-    @Value("${listener.ws.netty.sub_protocols}")
-    private String subprotocols;
-    @Value("${listener.ws.netty.max_payload_size}")
-    private int maxPayloadSize;
+    private final MqttWsServerContext context;
 
-    public MqttWsChannelInitializer(MqttHandlerFactory handlerFactory) {
+    public MqttWsChannelInitializer(MqttHandlerFactory handlerFactory, MqttWsServerContext context) {
         super(handlerFactory);
+        this.context = context;
     }
 
     @Override
     public void initChannel(SocketChannel ch) {
         super.initChannel(ch);
     }
 
+    @Override
+    public int getMaxPayloadSize() {
+        return context.getMaxPayloadSize();
+    }
+
     @Override
     public String getChannelInitializerName() {
         return BrokerConstants.WS;
     }
+
+    @Override
+    public Boolean isListenerProxyProtocolEnabled() {
+        return context.getListenerProxyProtocolEnabled();
+    }
+
+    @Override
+    protected String getSubprotocols() {
+        return context.getSubprotocols();
+    }
 }

application/src/main/java/org/thingsboard/mqtt/broker/server/ws/MqttWsServerContext.java

@@ -0,0 +1,35 @@
+/**
+ * Copyright © 2016-2025 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.mqtt.broker.server.ws;
+
+import lombok.Getter;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+@Component
+@Getter
+public class MqttWsServerContext {
+
+    @Value("${listener.ws.netty.max_payload_size}")
+    private int maxPayloadSize;
+
+    @Value("${listener.ws.proxy_enabled:}")
+    private Boolean listenerProxyProtocolEnabled;
+
+    @Value("${listener.ws.netty.sub_protocols}")
+    private String subprotocols;
+
+}

application/src/main/java/org/thingsboard/mqtt/broker/server/wss/MqttWssChannelInitializer.java

@@ -20,7 +20,6 @@
 import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import org.thingsboard.mqtt.broker.common.data.BrokerConstants;
 import org.thingsboard.mqtt.broker.server.AbstractMqttWsChannelInitializer;
@@ -34,11 +33,6 @@ public class MqttWssChannelInitializer extends AbstractMqttWsChannelInitializer
 
     private final MqttWssServerContext context;
 
-    @Value("${listener.wss.netty.sub_protocols}")
-    private String subprotocols;
-    @Value("${listener.wss.config.enabled_cipher_suites}")
-    private String[] enabledCipherSuites;
-
     public MqttWssChannelInitializer(MqttHandlerFactory handlerFactory, MqttWssServerContext context) {
         super(handlerFactory);
         this.context = context;
@@ -61,6 +55,16 @@ public String getChannelInitializerName() {
 
     @Override
     public SslHandler getSslHandler() {
-        return context.getWssHandlerProvider().getSslHandler(enabledCipherSuites, handlerFactory.getClientAuthType());
+        return context.getWssHandlerProvider().getSslHandler(context.getEnabledCipherSuites(), handlerFactory.getClientAuthType());
+    }
+
+    @Override
+    public Boolean isListenerProxyProtocolEnabled() {
+        return context.getListenerProxyProtocolEnabled();
+    }
+
+    @Override
+    protected String getSubprotocols() {
+        return context.getSubprotocols();
     }
 }

application/src/main/java/org/thingsboard/mqtt/broker/server/wss/MqttWssServerContext.java

@@ -29,4 +29,14 @@ public class MqttWssServerContext {
 
     @Value("${listener.wss.netty.max_payload_size}")
     private int maxPayloadSize;
+
+    @Value("${listener.wss.proxy_enabled:}")
+    private Boolean listenerProxyProtocolEnabled;
+
+    @Value("${listener.wss.netty.sub_protocols}")
+    private String subprotocols;
+
+    @Value("${listener.wss.config.enabled_cipher_suites}")
+    private String[] enabledCipherSuites;
+
 }