Add PROXY support to gitlab-shell container
This commit adds a new container, `gitlab-shell-libproxyproto`, that supports the PROXY protocol (https://developers.cloudflare.com/spectrum/proxy-protocol) via libproxyproto (https://github.com/msantos/libproxyproto). This allows the SSH server to get the real client IP instead of the IP of the load balancer. By default, the PROXY protocol is not enforced. This can be enabled in the Helm Chart via this config: ```yaml gitlab: gitlab-shell: enabled: true extraEnv: LIBPROXYPROTO_MUST_USE_PROTOCOL_HEADER: 1 ``` Debugging can be enabled via `LIBPROXYPROTO_DEBUG: 1`. Relates to https://gitlab.com/groups/gitlab-com/gl-infra/-/epics/425
Please register or sign in to comment