From 921d22549d21536553ab17e7c208ae6fd6b888d1 Mon Sep 17 00:00:00 2001
From: Edoardo Spadolini
Date: Fri, 29 Nov 2024 18:05:05 +0100
Subject: [PATCH] Honor the proxy peering listen address specified in the configuration (#49586)
---
 lib/service/service.go | 5 +----
 lib/service/servicecfg/proxy.go | 22 ++++++++++++++--------
 2 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/lib/service/service.go b/lib/service/service.go
index 8d82a4bcaa0f3..9d1eff7f53c69 100644
--- a/lib/service/service.go
+++ b/lib/service/service.go
@@ -4037,10 +4037,7 @@ func (process *TeleportProcess) setupProxyListeners(networkingConfig types.Clust
 }
 if !cfg.Proxy.DisableReverseTunnel && tunnelStrategy == types.ProxyPeering {
- addr, err := process.Config.Proxy.PeerAddr()
- if err != nil {
- return nil, trace.Wrap(err)
- }
+ addr := process.Config.Proxy.PeerListenAddr()
 listener, err := process.importOrCreateListener(ListenerProxyPeer, addr.String())
 if err != nil {
diff --git a/lib/service/servicecfg/proxy.go b/lib/service/servicecfg/proxy.go
index 93ab0767c69be..b206d3d13cff0 100644
--- a/lib/service/servicecfg/proxy.go
+++ b/lib/service/servicecfg/proxy.go
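Review bot: In lib/service/service.go, the new `addr := process.Config.Proxy.PeerListenAddr()` line binds the peering listener to the configured address verbatim, so an unspecified host in that setting (or in the default, whose value is not visible in this patch) now decides which interfaces expose the peering port. The removed `PeerAddr()` call went through logic that is partly elided from the patch and presumably rewrote such hosts, so the effective bind address may change for existing deployments on upgrade. A short comment above the line would record the intent, e.g. `// Bind to the configured listen address as-is; the advertised address comes from PublicPeerAddr.`, and logging the bound address at startup would let operators confirm the exposure they expect. The body of setupProxyListeners starts and ends outside this hunk.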
@@ -210,18 +210,15 @@ func (c ProxyConfig) KubeAddr() (string, error) {
 }
 // PublicPeerAddr attempts to returns the public address the proxy advertises
-// for proxy peering clients if available. It falls back to PeerAddr othewise.
+// for proxy peering clients if available; otherwise, it falls back to trying to
+// guess an appropriate public address based on the listen address.
 func (c ProxyConfig) PublicPeerAddr() (*utils.NetAddr, error) {
 addr := &c.PeerPublicAddr
- if addr.IsEmpty() || addr.IsHostUnspecified() {
- return c.PeerAddr()
+ if !addr.IsEmpty() && !addr.IsHostUnspecified() {
+ return addr, nil
 }
- return addr, nil
-}
-// PeerAddr returns the address the proxy advertises for proxy peering clients.
-func (c ProxyConfig) PeerAddr() (*utils.NetAddr, error) {
- addr := &c.PeerAddress
+ addr = &c.PeerAddress
 if addr.IsEmpty() {
 addr = defaults.ProxyPeeringListenAddr()
 }
@@ -243,6 +240,15 @@ func (c ProxyConfig) PeerAddr() (*utils.NetAddr, error) {
 return addr, nil
 }
+// PeerListenAddr returns the proxy peering listen address that was configured,
+// or the default one otherwise.
+func (c ProxyConfig) PeerListenAddr() *utils.NetAddr {
+ if c.PeerAddress.IsEmpty() {
+ return defaults.ProxyPeeringListenAddr()
+ }
+ return &c.PeerAddress
+}
+
 // KubeProxyConfig specifies the Kubernetes configuration for Teleport's proxy service
 type KubeProxyConfig struct {
 // Enabled turns kubernetes proxy role on or off for this process
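Review bot: In PublicPeerAddr, the fallback `addr = &c.PeerAddress` followed by the `if addr.IsEmpty() { addr = defaults.ProxyPeeringListenAddr() }` context lines repeats the selection that the new PeerListenAddr in this same file performs, leaving two copies to keep in sync. Replacing those lines with `addr = c.PeerListenAddr()` keeps the listen-address default in one place, so the advertised fallback cannot drift from what the listener actually binds to. The doc comment's first line still reads "attempts to returns"; `attempts to return` would fix it while the comment is being edited. The remainder of the function body lies between this hunk and the next one and is not visible here.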
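Review bot: PeerListenAddr's doc comment does not say that the result is a bind address and may carry an unspecified host, which is the case PublicPeerAddr checks for with `IsHostUnspecified()` before advertising. I would extend the comment with something like `// The result is meant for binding and may have an unspecified host; use PublicPeerAddr for an address to advertise to peers.` so a later caller does not hand it to peers by mistake. The diffstat lists only the two source files, so a test asserting that a configured peer listen address is returned unchanged, and the default when it is empty, would guard the behavior the subject line promises.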