From 5a0df3ea6c298a23a65cbab79f885946d1e7aeef Mon Sep 17 00:00:00 2001
From: Edoardo Spadolini
Date: Fri, 29 Nov 2024 16:55:01 +0100
Subject: [PATCH] Honor the proxy peering listen address specified in the configuration
---
 lib/service/service.go | 5 +----
 lib/service/servicecfg/proxy.go | 22 ++++++++++++++--------
 2 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/lib/service/service.go b/lib/service/service.go
index 42ed6fe5737a9..e2a35c8df2f07 100644
--- a/lib/service/service.go
+++ b/lib/service/service.go
@@ -3908,10 +3908,7 @@ func (process *TeleportProcess) setupProxyListeners(networkingConfig types.Clust
 }
 if !cfg.Proxy.DisableReverseTunnel && tunnelStrategy == types.ProxyPeering {
- addr, err := process.Config.Proxy.PeerAddr()
- if err != nil {
- return nil, trace.Wrap(err)
- }
+ addr := process.Config.Proxy.PeerListenAddr()
 listener, err := process.importOrCreateListener(ListenerProxyPeer, addr.String())
 if err != nil {
diff --git a/lib/service/servicecfg/proxy.go b/lib/service/servicecfg/proxy.go
index c07ce5d47b0f4..7beac2ab2ab5c 100644
--- a/lib/service/servicecfg/proxy.go
+++ b/lib/service/servicecfg/proxy.go
@@ -205,18 +205,15 @@ func (c ProxyConfig) KubeAddr() (string, error) {
 }
 // PublicPeerAddr attempts to returns the public address the proxy advertises
-// for proxy peering clients if available. It falls back to PeerAddr othewise.
+// for proxy peering clients if available; otherwise, it falls back to trying to
+// guess an appropriate public address based on the listen address.
 func (c ProxyConfig) PublicPeerAddr() (*utils.NetAddr, error) {
 addr := &c.PeerPublicAddr
- if addr.IsEmpty() || addr.IsHostUnspecified() {
- return c.PeerAddr()
+ if !addr.IsEmpty() && !addr.IsHostUnspecified() {
+ return addr, nil
 }
- return addr, nil
-}
-// PeerAddr returns the address the proxy advertises for proxy peering clients.
-func (c ProxyConfig) PeerAddr() (*utils.NetAddr, error) {
- addr := &c.PeerAddress
+ addr = &c.PeerAddress
 if addr.IsEmpty() {
 addr = defaults.ProxyPeeringListenAddr()
 }
@@ -238,6 +235,15 @@ func (c ProxyConfig) PeerAddr() (*utils.NetAddr, error) {
 return addr, nil
 }
+// PeerListenAddr returns the proxy peering listen address that was configured,
+// or the default one otherwise.
+func (c ProxyConfig) PeerListenAddr() *utils.NetAddr {
+ if c.PeerAddress.IsEmpty() {
+ return defaults.ProxyPeeringListenAddr()
+ }
+ return &c.PeerAddress
+}
+
 // KubeProxyConfig specifies the Kubernetes configuration for Teleport's proxy service
 type KubeProxyConfig struct {
 // Enabled turns kubernetes proxy role on or off for this process
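Review bot: The fallback path in PublicPeerAddr (`addr = &c.PeerAddress` followed by the `IsEmpty` check and `defaults.ProxyPeeringListenAddr()`) repeats the selection logic that this same commit adds as PeerListenAddr. With two copies, the address the listener binds to and the address used as the basis for the advertised one can drift apart if the default or the emptiness rule ever changes. Those three lines could be replaced by `addr = c.PeerListenAddr()`. The remainder of PublicPeerAddr lies outside this hunk, so it should be confirmed that nothing later relies on `addr` pointing at `c.PeerAddress` specifically.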
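Review bot: The doc comment on PeerListenAddr does not say that the returned value is only suitable for binding. The method returns the configured address verbatim, with no host check like the `IsHostUnspecified` test in PublicPeerAddr, so a wildcard host passes straight through and should never be handed to peers as a dial target. I would add a line such as `// The result is for binding the listener and may have an unspecified host; use PublicPeerAddr for the address advertised to other proxies.` The diffstat lists only service.go and servicecfg/proxy.go, so no test in this commit pins the fix. A small table test that a configured PeerAddress comes back unchanged and an empty one yields the default would keep the peering listener from silently binding somewhere other than where the operator configured it.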