Description
Hello all,
for my current project I am playing around with the PROXY protocol and need to pass a custom TLV containing the GN of the client certificate to my server. When I set the send-proxy-v2 directive in the default-server config part, everything works fine and the data plane API is able to find my EC2 instances via service discovery. I am using data plane API version 3.0.4.
This config works without issues but is missing the custom TLV:
default-server check port 9091 inter 5s ssl crt /ecs/config_storage/outgoing_cert.pem verify required ca-file /ecs/config_storage/outgoing_truststore.pem force-tlsv13 send-proxy-v2
As soon as I add in the custom TLV, the data plane API gets an issue with service discovery and logs the following problem without more details:
{"ID":"bbc4647c-51ba-4c89-8897-d50563584b89","ServiceDiscovery":"AWS","level":"error","msg":"error while updating service: validation error: signal: segmentation fault: err transactionId=433a115f-bfc6-4263-9692-597d3c57d997 ","time":"2025-04-01T12:08:44Z"}
This config breaks the service discovery:
default-server check port 9091 inter 5s ssl crt /ecs/config_storage/outgoing_cert.pem verify required ca-file /ecs/config_storage/outgoing_truststore.pem force-tlsv13 send-proxy-v2 set-proxy-v2-tlv-fmt(0xE0) %[var(sess.given_name)]
The variable sess.given_name is set in the frontend section using the following config:
tcp-request content set-var(sess.given_name) ssl_c_s_dn(GN)
I could make the setup work when hard-coding the IP address of the server, but that is not an acceptable solution, because I want to use the benefits of automatic service discovery.
server mqtt_broker 10.5.170.114:8883 ssl crt /ecs/config_storage/outgoing_cert.pem verify required ca-file /ecs/config_storage/outgoing_truststore.pem force-tlsv13 send-proxy-v2 set-proxy-v2-tlv-fmt(0xE0) %[var(sess.given_name)]
Could it be that the data plane API is using the config described in the default-server section and therefore gets the segmentation fault error, because the value for the variable sess.given_name is only set in the frontend section and the data plane API is missing this when doing the service discovery? If that is the case, could you give me a hint how I could fix this issue?
I would appreciate your help!
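To confirm on the backend server that the custom TLV from the post actually arrives, a minimal PROXY protocol v2 header parser that extracts TLV type 0xE0 can be used. This is an added example, not part of the original post and not HAProxy or data plane API code; the function names, the addresses and the sample given name are constructed for illustration.

```python
import socket
import struct

SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY v2 signature
ADDR_LEN = {0x0: 0, 0x1: 12, 0x2: 36, 0x3: 216}  # UNSPEC, INET, INET6, UNIX
CUSTOM_TLV = 0xE0  # type used with set-proxy-v2-tlv-fmt in the post


def parse_proxy_v2(data: bytes) -> dict:
    """Parse a PROXY v2 header; return IPv4 source, TLVs by type, bytes used."""
    if len(data) < 16 or data[:12] != SIGNATURE:
        raise ValueError("not a PROXY v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported version")
    if len(data) < 16 + length:
        raise ValueError("truncated header")
    body = data[16:16 + length]
    family = fam_proto >> 4
    if family not in ADDR_LEN or len(body) < ADDR_LEN[family]:
        raise ValueError("bad address block")
    src = None
    if family == 0x1:  # IPv4: src addr, dst addr, src port, dst port
        src = (socket.inet_ntoa(body[0:4]), struct.unpack("!H", body[8:10])[0])
    tlvs, pos = {}, ADDR_LEN[family]
    while pos < len(body):  # each TLV: 1-byte type, 2-byte length, value
        if pos + 3 > len(body):
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack("!BH", body[pos:pos + 3])
        pos += 3
        if pos + tlv_len > len(body):
            raise ValueError("TLV length exceeds header")
        tlvs[tlv_type] = body[pos:pos + tlv_len]
        pos += tlv_len
    return {"src": src, "tlvs": tlvs, "consumed": 16 + length}


def build_sample(given_name: bytes) -> bytes:
    """Constructed test header: PROXY command, TCP over IPv4, one 0xE0 TLV."""
    addrs = socket.inet_aton("192.0.2.10") + socket.inet_aton("192.0.2.20")
    addrs += struct.pack("!HH", 51000, 8883)
    tlv = struct.pack("!BH", CUSTOM_TLV, len(given_name)) + given_name
    body = addrs + tlv
    return SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(body)) + body


if __name__ == "__main__":
    hdr = parse_proxy_v2(build_sample(b"device-42") + b"payload")
    print(hdr["src"], hdr["tlvs"].get(CUSTOM_TLV))
```

The server should accept this header only on connections coming from the load balancer, since any client that can reach the port directly could otherwise supply its own 0xE0 value.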