Configuring ProxyProtocol for Nginx Ingress on AWS

This post will quickly show you how to enable ProxyProtocol for your Nginx Ingress Controller on AWS.

Assumptions

All you need to do is add some configuration properties and a few annotations to your service. These can be toggled on/off even after a LoadBalancer has been created.

Warning

Some applications don’t work well with ProxyProtocol. Be careful.

Steps

In values.yaml, set these:

controller:
  config:
    # use-forwarded-headers: "true"
    # compute-full-forwarded-for: "true"
    # be wary of k8s bug affecting cert-manager with ProxyProtocol
    # https://github.com/jetstack/cert-manager/issues/466
    use-proxy-protocol: "true"

  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
      service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"

These config properties are automatically injected into ConfigMap NAME_OF_CHART-nginx-ingress-controller in your controller’s namespace.

After deploying these changes, downstream applications will see the original client source IPs.
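
What `use-proxy-protocol` makes the controller expect at the start of every connection, shown as an added example (not code from the original post or from the ingress controller): a parser for the PROXY protocol version 1 text header, assuming the v1 form is what the load balancer sends. The names `parse_proxy_v1` and `ProxyHeaderError` and the sample addresses are constructed for illustration.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest v1 header the spec allows, CRLF included


class ProxyHeaderError(ValueError):
    """The stream does not begin with a well-formed PROXY v1 header."""


def parse_proxy_v1(data: bytes):
    """Split a byte stream into (source, destination, payload).

    source and destination are (ip, port) tuples, or None for
    'PROXY UNKNOWN', where the sender supplies no usable addresses.
    """
    if not data.startswith(b"PROXY "):
        # What a listener expecting the header sees when the sender
        # does not add one: the request itself arrives first.
        raise ProxyHeaderError("stream does not start with PROXY")
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ProxyHeaderError("no CRLF within 107 bytes")
    payload = data[end + 2:]
    try:
        fields = data[:end].decode("ascii").split(" ")
        if fields[1] == "UNKNOWN":
            return None, None, payload
        _, proto, src, dst, sport, dport = fields
        version = {"TCP4": 4, "TCP6": 6}[proto]
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip.version != version or dst_ip.version != version:
            raise ValueError("address family does not match " + proto)
        if not (sport.isdigit() and dport.isdigit()):
            raise ValueError("port is not a plain decimal number")
        ports = (int(sport), int(dport))
        if not all(p <= 65535 for p in ports):
            raise ValueError("port out of range")
    except (ValueError, KeyError, IndexError) as exc:
        raise ProxyHeaderError(f"malformed header: {exc}") from exc
    return (str(src_ip), ports[0]), (str(dst_ip), ports[1]), payload


# Constructed sample: the bytes that arrive on a new connection when
# the load balancer prepends the header to a client's request.
SAMPLE = (b"PROXY TCP4 203.0.113.7 10.0.1.23 51544 443\r\n"
          b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")

if __name__ == "__main__":
    print(parse_proxy_v1(SAMPLE))
```

The rejected no-header case is what happens when only one side is toggled, so change the controller setting and the service annotations together. The receiver believes whatever address the header carries, so the controller's ports should be reachable only through the load balancer.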
