partially broken SSL passthrough with v1.14.x due to go-proxyproto library change #14489

@clementnuss

Description

What happened:

starting with this commit (adding proxy protocol v2 support), the proxy protocol parsing library changed to pires/go-proxyproto.

there's a bug in that library, which makes it so that data returned by the library's Read() calls will not fill the 16KiB buffer nginx-controller provides, but instead only 256 (minus the proxy protocol header itself) bytes will be read, leading to incomplete/truncated data and erroneous routing (e.g. the hostname string will be some-domain.company.t\x00\x00 instead of some-domain.company.tld, as can be observed with --v=4 logging).

What you expected to happen:

the library change should not have impacted users of the proxy protocol and ssl passthrough feature.

NGINX Ingress controller version:

1.14.x

Kubernetes version (use kubectl version): irrelevant

How to reproduce this issue:

create a passthrough ingress with a relatively long hostname, and try sending proxy protocol traffic with longer and longer hostnames (or more TLS certificates, etc.) until you reach the "truncated buffer" issue.

Anything else we need to know:

I've contributed a fix for the upstream pires/go-proxyproto library: pires/go-proxyproto#142
once that is merged, we simply have to update that module and the issue will be solved.
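The failure mode described in this issue, as an added example that is not the controller's or go-proxyproto's own code: `chunkReader` is a constructed stand-in for a reader whose Read() never returns more than 256 bytes, `fakeRecord` is a constructed TLS-record-like frame (not a real ClientHello), and `readRecord` shows the generic defensive pattern of reading the record header and then filling the body with io.ReadFull, which is independent of the upstream library fix.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// chunkReader is a constructed stand-in for the reported behaviour: every
// Read returns at most 256 bytes, however large the caller's buffer is.
type chunkReader struct{ r io.Reader }

func (c chunkReader) Read(p []byte) (int, error) {
	if len(p) > 256 {
		p = p[:256]
	}
	return c.r.Read(p)
}

// fakeRecord builds a constructed TLS-record-like frame: a 5-byte header
// (type, version, big-endian uint16 length) and a payload ending in the
// hostname, so truncation is visible in the last bytes.
func fakeRecord(hostname string, padding int) []byte {
	payload := append(bytes.Repeat([]byte{0}, padding), hostname...)
	hdr := []byte{0x16, 0x03, 0x03, 0, 0}
	binary.BigEndian.PutUint16(hdr[3:], uint16(len(payload)))
	return append(hdr, payload...)
}

// readOnce does a single Read into a 16KiB buffer and trusts the count it
// returns, which is the assumption a short-read reader breaks.
func readOnce(r io.Reader) []byte {
	buf := make([]byte, 16*1024)
	n, _ := r.Read(buf)
	return buf[:n]
}

// readRecord reads the header, sizes the body from the length field and
// fills it with io.ReadFull, so short reads still yield the whole record.
func readRecord(r io.Reader) ([]byte, error) {
	hdr := make([]byte, 5)
	if _, err := io.ReadFull(r, hdr); err != nil {
		return nil, err
	}
	body := make([]byte, binary.BigEndian.Uint16(hdr[3:]))
	_, err := io.ReadFull(r, body)
	return append(hdr, body...), err
}

func main() {
	rec := fakeRecord("some-domain.company.tld", 300)
	full, err := readRecord(chunkReader{bytes.NewReader(rec)})
	fmt.Println(len(readOnce(chunkReader{bytes.NewReader(rec)})), len(full), len(rec), err)
}
```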

Labels: kind/bug, needs-priority, needs-triage