= ranch_proxy_header(3) == Name ranch_proxy_header - PROXY protocol == Description The module `ranch_proxy_header` provides functions for parsing and building the PROXY protocol header. == Exports * link:man:ranch_proxy_header:parse(3)[ranch_proxy_header:parse(3)] - Parse a PROXY protocol header * link:man:ranch_proxy_header:header(3)[ranch_proxy_header:header(3)] - Build a PROXY protocol header == Types === proxy_info() [source,erlang] ---- proxy_info() = #{ %% Mandatory part. version := 1 | 2, command := local | proxy, transport_family => undefined | ipv4 | ipv6 | unix, transport_protocol => undefined | stream | dgram, %% Addresses. src_address => inet:ip_address() | binary(), src_port => inet:port_number(), dest_address => inet:ip_address() | binary(), dest_port => inet:port_number(), %% Extra TLV-encoded data. alpn => binary(), %% US-ASCII. authority => binary(), %% UTF-8. netns => binary(), %% US-ASCII. ssl => #{ client := [ssl | cert_conn | cert_sess], verified := boolean(), version => binary(), %% US-ASCII. cipher => binary(), %% US-ASCII. sig_alg => binary(), %% US-ASCII. key_alg => binary(), %% US-ASCII. cn => binary() %% UTF-8. }, %% Unknown TLVs can't be parsed so the raw data is given. raw_tlvs => [{0..255, binary()}] }. ---- The PROXY protocol information. The following fields may be found, although most of them are optional: version:: The PROXY protocol version used. command:: `proxy` is used for proxied connections. `local` for non-proxied connections. Those do not have any additional information. transport_family:: The transport family of the original connection. transport_protocol:: The transport protocol of the original connection. src_address:: The source address of the original connection. This is the original address of the client. src_port:: The source port of the original connection. This is the port the client opened on its end for the connection. It is not defined for UNIX domain sockets. dest_address:: The destination address of the original connection. dest_port:: The destination port of the original connection. It is not defined for UNIX domain sockets. alpn:: The upper layer protocol in use over the connection. This is typically negotiated via the ALPN extension for TLS. authority:: The host name serving as authority for the connection. This is typically passed using the SNI extension for TLS. netns:: The namespace's name for the original connection. ssl:: Various informations pertaining to the original SSL/TLS connection. client::: A list containing a number of flags. `ssl` indicates that the client connected over SSL/TLS. `cert_conn` indicates that the client provided a certificate over the original connection. `cert_sess` indicates that the client provided a certificate at least once over the TLS session this connection belongs to. verified::: Whether the client presented a certificate and it was successfully verified. version::: The US-ASCII string containing the SSL/TLS version used for the original connection. cipher::: The US-ASCII string name of the cipher used. sig_alg::: The US-ASCII string name of the algorithm used to sign the certificate provided by the client. key_alg::: The US-ASCII string name of the algorithm used to generate the key of the certificate provided by the client. cn::: The UTF-8 string representation of the Common Name field of the client certificate's Distinguished Name. raw_tlvs:: The non-standard TLVs that Ranch was not able to parse. == Changelog * *1.7*: Module introduced. == See also link:man:ranch(7)[ranch(7)]