From 687df1469f7f4eb21a58dcaeb9bf040870060e9b Mon Sep 17 00:00:00 2001
From: Luca Toscano <elukey@apache.org>
Date: Fri, 30 Dec 2016 18:20:04 +0000
Subject: [PATCH] Documentation rebuild for mod_remoteip

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1776616 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/mod/mod_remoteip.html.en  | 71 +++++++++++++++++++++++++++
 docs/manual/mod/mod_remoteip.xml.fr   |  2 +-
 docs/manual/mod/mod_remoteip.xml.meta |  2 +-
 3 files changed, 73 insertions(+), 2 deletions(-)

diff --git a/docs/manual/mod/mod_remoteip.html.en b/docs/manual/mod/mod_remoteip.html.en
index 43388ccc83..7da43c0090 100644
--- a/docs/manual/mod/mod_remoteip.html.en
+++ b/docs/manual/mod/mod_remoteip.html.en
@@ -47,6 +47,12 @@ via the request headers.
     with the useragent IP address reported in the request header configured
     with the <code class="directive"><a href="#remoteipheader">RemoteIPHeader</a></code> directive.</p>
 
+    <p>Additionally, this module implements the server side of
+    HAProxy's
+    <a href="http://blog.haproxy.com/haproxy/proxy-protocol/">Proxy Protocol</a> when
+    using the <code class="directive"><a href="#remoteipproxyprotocolenable">RemoteIPProxyProtocolEnable</a></code>
+    directive.</p>
+
     <p>Once replaced as instructed, this overridden useragent IP address is
     then used for the <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>
     <code class="directive"><a href="../mod/mod_authz_core.html#require">Require ip</a></code>
@@ -69,6 +75,7 @@ via the request headers.
 <li><img alt="" src="../images/down.gif" /> <a href="#remoteipinternalproxy">RemoteIPInternalProxy</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#remoteipinternalproxylist">RemoteIPInternalProxyList</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#remoteipproxiesheader">RemoteIPProxiesHeader</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#remoteipproxyprotocol">RemoteIPProxyProtocol</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#remoteiptrustedproxy">RemoteIPTrustedProxy</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#remoteiptrustedproxylist">RemoteIPTrustedProxyList</a></li>
 </ul>
@@ -77,6 +84,7 @@ via the request headers.
 <li><code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code></li>
 <li><code class="module"><a href="../mod/mod_status.html">mod_status</a></code></li>
 <li><code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code></li>
+<li><a href="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt">Proxy Protocol Spec</a></li>
 <li><a href="#comments_section">Comments</a></li></ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
@@ -217,6 +225,69 @@ gateway.localdomain #The front end balancer</pre></div>
 RemoteIPProxiesHeader X-Forwarded-By</pre>
 </div>
 
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="RemoteIPProxyProtocol" id="RemoteIPProxyProtocol">RemoteIPProxyProtocol</a> <a name="remoteipproxyprotocol" id="remoteipproxyprotocol">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable, optionally enable or disable the proxy protocol handling</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ProxyProtocol On|Optional|Off</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_remoteip</td></tr>
+</table>
+    <p>The <code class="directive">RemoteIPProxyProtocolEnable</code> enables or 
+    disables the reading and handling of the proxy protocol connection header.
+    If enabled with the <code>On</code> flag, the upstream client <em>must</em>
+    send the header every time it opens a connection or the connection will
+    be aborted. If enabled with the <code>Optional</code> flag, the upstream
+    client <em>may</em> send the header.</p>
+
+    <p>While this directive may be specified in any virtual host, it is
+    important to understand that because the proxy protocol is connection
+    based and protocol agnostic, the enabling and disabling is actually based
+    on ip-address and port. This means that if you have multiple name-based
+    virtual hosts for the same host and port, and you enable it any one of
+    them, then it is enabled for all them (with that host and port). It also
+    means that if you attempt to enable the proxy protocol in one and disable
+    in the other, that won't work; in such a case the last one wins and a
+    notice will be logged indicating which setting was being overridden.</p>
+
+    <div class="note">When multiple virtual hosts on the same IP and port are
+    configured with a combination of <code>On</code> and <code>Optional</code>
+    flags, connections will not be aborted if the header is not sent.
+    Instead, enforcement will happen after the request is read so virtual
+    hosts configured with <code>On</code> will return a 400 Bad Request.
+    Virtual hosts configured with <code>Optional</code> will continue as
+    usual but without replacing the client IP information</div>
+    
+    <pre class="prettyprint lang-config">Listen 80
+&lt;VirtualHost *:80&gt;
+    ServerName www.example.com
+    RemoteIPProxyProtocolEnable Optional
+
+    #Requests to this virtual host may optionally not have
+    # a proxy protocol header provided
+&lt;/VirtualHost&gt;
+
+&lt;VirtualHost *:80&gt;
+    ServerName www.example.com
+    RemoteIPProxyProtocolEnable On
+
+    #Requests to this virtual host must have a proxy protocol
+    # header provided. If it is missing, a 400 will result
+&lt;/VirtualHost&gt;
+
+Listen 8080
+&lt;VirtualHost *:8080&gt;
+    ServerName www.example.com
+    RemoteIPProxyProtocolEnable On
+
+    #Requests to this virtual host must have a proxy protocol
+    # header provided. If it is missing, the connection will
+    # be aborted
+&lt;/VirtualHost&gt;</pre>
+
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="RemoteIPTrustedProxy" id="RemoteIPTrustedProxy">RemoteIPTrustedProxy</a> <a name="remoteiptrustedproxy" id="remoteiptrustedproxy">Directive</a></h2>
diff --git a/docs/manual/mod/mod_remoteip.xml.fr b/docs/manual/mod/mod_remoteip.xml.fr
index 91ec2990f3..6655e17feb 100644
--- a/docs/manual/mod/mod_remoteip.xml.fr
+++ b/docs/manual/mod/mod_remoteip.xml.fr
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1704683 -->
+<!-- English Revision: 1704683:1776578 (outdated) -->
 <!-- French translation : Lucien GENTIS -->
 <!-- Reviewed by : Vincent Deffontaines -->
 
diff --git a/docs/manual/mod/mod_remoteip.xml.meta b/docs/manual/mod/mod_remoteip.xml.meta
index 1a7c78a9f1..771852e80c 100644
--- a/docs/manual/mod/mod_remoteip.xml.meta
+++ b/docs/manual/mod/mod_remoteip.xml.meta
@@ -8,6 +8,6 @@
 
   <variants>
     <variant>en</variant>
-    <variant>fr</variant>
+    <variant outdated="yes">fr</variant>
   </variants>
 </metafile>
-- 
2.50.1