Add PROXY protocol support

[jefferai]

Fixes #799

Ping #815

[chrishoffman]

Looks good overall. Just a few comments.

[chrishoffman]

I wonder if a nested proxy_protocol block would be nicer here, with keys of behavior and allowed_addrs.

[jefferai]

I think the answer is "yes" although we don't do that with tls, so I worry it would be sort of a "okay, why are they changing this up now" issue UX wise. We could support that later on and move tls and proxy both.

[jefferai]

See 5dea9eb for a quick change to address this at the moment.

[chrishoffman]

Could you move this up into your switch statement above?

[jefferai]

Done.

[chrishoffman]

This appears to be missing from the vendor directory.

[jefferai]

Yeah, stupid me, I got sockaddr and forgot proxyproto. Added.

[chrishoffman]

This method could really use some unit tests to ensure the allowed addresses are being set correctly.

[chrishoffman]

Also, can you add some docs for the config options. The behaviors especially took me a bit to get.

[jefferai]

Yeah, I'll make sure to add docs before merging this.

[briankassouf]

Just one small comment

[briankassouf]

Not sure if this is a standard or not, but this name is pretty confusing to me. Should it be use_if_unauthorized?

[jefferai]

maybe this should properly be "use_if_allowed" but I thought that might be even more confusing. Alternately I could change the name to "AuthorizedAddrs" instead of AllowedAddrs? (or maybe AuthorizedHosts?)

[jantman]

@jefferai I can barely explain how happy I am to see this! Thank you sooo much!

[jefferai]

:-D

[hairyhenderson]

🎉 Thanks @jefferai! This is awesome! 😀

[posito]

@jefferai any documentation on how to use this awesomeness? Am I reading wrong but it doesn't look like this part of the 0.8.0 release ?

[chrishoffman]

See https://www.vaultproject.io/docs/configuration/listener/tcp.html#proxy_protocol_behavior