nginx-gateway-fabric icon indicating copy to clipboard operation
nginx-gateway-fabric copied to clipboard

Published 20 hours ago verified publisher icon nginxinc

Add proxy_protocol to server configuration

Open salonichf5 opened this issue 1 year ago • 2 comments
trafficstars

Proposed changes

Problem: As a user, I want to enable proxy protocol for my applications endpoint.

Solution: Add proxy_protocol to listen directives in nginx.conf

Testing: Manual testing with example

  1. With Proxy Protocol enabled

nginx.conf

server {
    listen 80 default_server proxy_protocol;
    listen [::]:80 default_server proxy_protocol;

    default_type text/html;
    return 404;
}

server {
    listen 80 proxy_protocol;
    listen [::]:80 proxy_protocol;

    server_name cafe.example.com;

curl -v --haproxy-protocol --resolve cafe.example.com:$GW_PORT:$GW_IP  http://cafe.example.com:$GW_PORT/tea
* Added cafe.example.com:8080:127.0.0.1 to DNS cache
* Hostname cafe.example.com was found in DNS cache
*   Trying 127.0.0.1:8080...
* Connected to cafe.example.com (127.0.0.1) port 8080
> GET /tea HTTP/1.1
> Host: cafe.example.com:8080
> User-Agent: curl/8.4.0
> Accept: */*
>
Handling connection for 8080
< HTTP/1.1 200 OK
< Server: nginx/1.27.0
< Date: Wed, 24 Jul 2024 22:34:50 GMT
< Content-Type: text/plain
< Content-Length: 155
< Connection: keep-alive
< Expires: Wed, 24 Jul 2024 22:34:49 GMT
< Cache-Control: no-cache
<
Server address: 10.244.0.77:8080
Server name: tea-596697966f-6r5tz
Date: 24/Jul/2024:22:34:50 +0000
URI: /tea
Request ID: 58d73c96a21a9226a139c79ea3a780ef
* Connection #0 to host cafe.example.com left intact

curl -v --haproxy-protocol --resolve cafe.example.com:$GW_PORT:$GW_IP  http://cafe.example.com:$GW_PORT/coffee
* Added cafe.example.com:8080:127.0.0.1 to DNS cache
* Hostname cafe.example.com was found in DNS cache
*   Trying 127.0.0.1:8080...
* Connected to cafe.example.com (127.0.0.1) port 8080
> GET /coffee HTTP/1.1
> Host: cafe.example.com:8080
> User-Agent: curl/8.4.0
> Accept: */*
>
Handling connection for 8080
< HTTP/1.1 200 OK
< Server: nginx/1.27.0
< Date: Wed, 24 Jul 2024 22:34:54 GMT
< Content-Type: text/plain
< Content-Length: 161
< Connection: keep-alive
< Expires: Wed, 24 Jul 2024 22:34:53 GMT
< Cache-Control: no-cache
<
Server address: 10.244.0.76:8080
Server name: coffee-56b44d4c55-zlmmh
Date: 24/Jul/2024:22:34:54 +0000
URI: /coffee
Request ID: 73fffd0c380d924b6e6768260c1d7078
* Connection #0 to host cafe.example.com left intact

NOTE Without the --haproxy-protocol flag, nginx will throw an error since no proxy details from client is passed

Please focus on (optional): If you any specific areas where you would like reviewers to focus their attention or provide specific feedback, add them here.

Closes #ISSUE

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • [x] I have read the CONTRIBUTING doc
  • [x] I have added tests that prove my fix is effective or that my feature works
  • [x] I have checked that all unit tests pass after adding my changes
  • [ ] I have updated necessary documentation
  • [ ] I have rebased my branch onto main
  • [x] I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

Release notes

If this PR introduces a change that affects users and needs to be mentioned in the release notes, please add a brief note that summarizes the change.

Add proxy protocol for application endpoints.

salonichf5 avatar Jul 24 '24 22:07 salonichf5