Enable PROXY Protocol in SD Ingress module
What is the PROXY Protocol
In production environments, workloads are usually made available to the outside world using a load balancer placed in front of the nodes that expose the actual applications. This approach enables high availability (HA) for applications, where a failure of a node is not problematic because there is at least one other node that can answer requests.
Being placed in front of the actual applications, load balancers receive client requests and create new requests for the backend. This often results in some client information, such as the client IP address, not being sent to the backend application.
PROXY Protocol helps to maintain that information across the request chain. All major load balancers (HAProxy, NGINX, cloud provider-managed solutions...) make use of the protocol or can be configured to do so.
To function properly, the PROXY Protocol must also be enabled on the receiving backend, so that it can understand the client information and use it for its purposes.
SD Ingress Module - Enable proxy_protocol
SD Ingress Module installs NGINX Ingress Controller inside your cluster. To enable the PROXY Protocol inside the NGINX Ingress Controller, a change inside its configuration has to be made (read more in the NGINX Ingress documentation).
As of now, SD does not provide a configuration option for it, but you can still make the required change using a custom patch. Here is a step-by-step guide:
- Create an SD cluster configuration file with one of the supported providers.
- Create a nginx-proxy-patch.yaml file with this content:

      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: nginx-configuration
        namespace: ingress-nginx
      data:
        use-proxy-protocol: "true"

- Insert in your furyctl.yaml configuration file the following section:

      ...
      spec:
        ...
        distribution:
          ...
          customPatches:
            patchesStrategicMerge:
              - /path/to/nginx-proxy-patch.yaml
      ...

- Apply the configuration:

      furyctl apply

Done! Now your NGINX Ingress Controller can accept the PROXY Protocol coming from upstream load balancers and read the client data.