7.12.1. Working with Proxy Protocol v1

From release 6.1.13, the Connector is able to work with Proxy Protocol v1, available in newer distributions of MySQL from MariaDB and Percona.

By default, when remote clients connect to a Tungsten Cluster via the Connector, the origin IP shown in MySQL maps to the Connector host the client has connected through.

This can have many disadvantages, especially when relying on host-level security restrictions within your MySQL database.

The introduction of Proxy Protocol allows the origin IP of the calling client to be passed through instead.

To enable this feature, first ensure you are using a release of MySQL that supports it. At the time of writing, this is limited to the following:

  • Percona-5.6.25-73.0 and greater

  • MariaDB 10.3 and greater

Note

Currently Proxy Protocol is ONLY available in the releases mentioned above. Neither the Community edition nor the Oracle Enterprise edition supports this yet.

Next ensure you enable Proxy Protocol within the my.cnf by adding the following property: proxy-protocol-networks=*

The * means allow all; it can instead be a comma-separated list of (sub)networks or IP addresses, to allow finer granularity.

You can now enable the connector to recognise this by enabling the following tpm property: --connector-enable-proxy-protocol=true

After applying the property and issuing tpm update (or tools/tpm install if a new installation), you should see the correct origin IPs when querying show processlist and tungsten show processlist.
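
How a Proxy Protocol v1 header carries the origin IP, and how a proxy-protocol-networks value decides whether that header is believed, shown as an added example (not Tungsten, MariaDB or Percona code). The trust check is a simplified model of the setting, and all addresses and function names are constructed for illustration.

```python
import ipaddress

MAX_V1_LEN = 107  # longest v1 header the spec allows, CRLF included

def parse_proxy_v1(header: bytes):
    """Return (src_ip, src_port) from a v1 header line, or None for UNKNOWN."""
    if len(header) > MAX_V1_LEN or not header.endswith(b"\r\n"):
        raise ValueError("not a complete v1 header")
    fields = header[:-2].decode("ascii").split(" ")
    if fields[0] != "PROXY":
        raise ValueError("missing PROXY signature")
    if len(fields) >= 2 and fields[1] == "UNKNOWN":
        return None  # sender could not determine the origin
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed v1 header")
    family = 4 if fields[1] == "TCP4" else 6
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    if src.version != family or dst.version != family:
        raise ValueError("address family mismatch")
    if not all(p.isdigit() and int(p) <= 65535 for p in fields[4:6]):
        raise ValueError("bad port")
    return str(src), int(fields[4])

def peer_trusted(peer_ip: str, networks: str) -> bool:
    """Simplified model of a proxy-protocol-networks value (assumption)."""
    if networks.strip() == "*":
        return True
    peer = ipaddress.ip_address(peer_ip)
    return any(peer in ipaddress.ip_network(n.strip(), strict=False)
               for n in networks.split(",") if n.strip())

def origin_ip(peer_ip: str, header: bytes, networks: str) -> str:
    """Origin IP to record: the header's source, if this peer may send one."""
    if not peer_trusted(peer_ip, networks):
        raise PermissionError("proxy header from a peer outside the list")
    parsed = parse_proxy_v1(header)
    return parsed[0] if parsed else peer_ip

# Constructed sample: Connector on 10.0.0.5, application client 203.0.113.7.
SAMPLE = b"PROXY TCP4 203.0.113.7 10.0.0.20 51234 3306\r\n"

if __name__ == "__main__":
    print(origin_ip("10.0.0.5", SAMPLE, "10.0.0.5,10.0.1.0/24"))  # Connector host
    print(origin_ip("10.0.0.99", SAMPLE, "*"))  # wildcard: any peer is believed
```

With *, the origin address in the header is accepted from any peer that can reach the MySQL port, so host-level restrictions then rest on a value the peer supplies. Listing only the Connector hosts limits that trust to the Connectors.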

If you enable proxy protocol within the connector, but the underlying database does not support this, you will see the following error:

shell> tpm connector
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 8 (HY000): Could not authorize the user 'app_user'
Attempt to connect to the server failed.
Could not connect: Got packets out of order
Contact your Tungsten administrator.