Proxy protocol wrapped inside of SSL packet

Posted by Bonnarooster 
January 22, 2016 03:23PM
Hopefully someone can shed some light on this for me. I have been trying to get it working all morning, and am finally throwing in the towel for now.

So the situation is, we are using AWS ELB with SSL. There is SSL termination on the load balancer; however, we also forward the traffic down via SSL. We have proxy protocol enabled on the ELB, so after the ELB terminates the SSL it attaches the proxy protocol header to the packet, then re-encodes the entire packet. Once the packet arrives at NGINX, if I have the following config line:

listen 443 ssl proxy_protocol;

NGINX attempts to read the proxy protocol header and fails. This seems reasonable to me, I understand. However, what I want to do is terminate the SSL here, then handle the proxy protocol header and continue forwarding the data with the proxy protocol info appended as x-forwarded-for headers. Unfortunately, when I remove proxy_protocol from the listen, NGINX then throws the following error:

client sent invalid request while reading client request line, client: ZZ.ZZ.ZZ.ZZ, server: , request: "PROXY TCP4 XX.XX.XX.XX YY.YY.YY.YY 49225 443"

Again, this does make sense. I understand why it is happening but cannot figure out a workaround, if there is one.

Any suggestions? Thanks in advance!

EDIT: I was going to try and compile with the stream module, then set 'proxy_protocol on' for the upstream but my fear is that it will still fail or try to add a second proxy protocol header.



Edited 2 time(s). Last edit at 01/22/2016 03:31PM by Bonnarooster.
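
An added example, not part of the original post and not nginx code: a sketch of the step the post asks for, taking the bytes that come out of TLS termination, strictly parsing the PROXY protocol version 1 line in front of the HTTP request, and re-emitting the client address as X-Forwarded-For. The function names, the sample addresses and the choice to drop any client-sent X-Forwarded-For are assumptions made for this illustration.

```python
import ipaddress

MAX_V1_LINE = 107  # longest v1 header the PROXY protocol spec allows, CRLF included

class ProxyHeaderError(ValueError):
    """The decrypted stream does not begin with a valid PROXY v1 header."""

def split_proxy_v1(decrypted: bytes):
    """Return ((src_ip, src_port) or None, bytes that follow the header)."""
    if not decrypted.startswith(b"PROXY "):
        raise ProxyHeaderError("missing PROXY v1 signature")
    end = decrypted.find(b"\r\n", 0, MAX_V1_LINE)
    if end == -1:
        raise ProxyHeaderError("no CRLF within 107 bytes")
    rest = decrypted[end + 2:]
    try:
        fields = decrypted[:end].decode("ascii").split(" ")
        if fields[1] == "UNKNOWN":  # sender could not determine the addresses
            return None, rest
        _, proto, src, dst, sport, dport = fields  # exactly six fields
        family = {"TCP4": 4, "TCP6": 6}[proto]
        addrs = [ipaddress.ip_address(a) for a in (src, dst)]
    except (ValueError, KeyError) as exc:
        raise ProxyHeaderError(f"malformed header: {exc!r}") from exc
    if any(a.version != family for a in addrs):
        raise ProxyHeaderError("address family does not match protocol field")
    if not (sport.isdigit() and dport.isdigit()
            and max(int(sport), int(dport)) <= 65535):
        raise ProxyHeaderError("invalid port")
    return (str(addrs[0]), int(sport)), rest

def add_forwarded_for(request: bytes, client_ip: str) -> bytes:
    """Insert X-Forwarded-For after the request line.

    Any client-sent copy is dropped so only the load balancer's value is kept."""
    head, sep, body = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    kept = [l for l in lines[1:] if not l.lower().startswith(b"x-forwarded-for:")]
    xff = b"X-Forwarded-For: " + client_ip.encode("ascii")
    return b"\r\n".join([lines[0], xff, *kept]) + sep + body

# Constructed sample: what the backend sees after decrypting the ELB connection.
SAMPLE = (b"PROXY TCP4 198.51.100.7 203.0.113.10 49225 443\r\n"
          b"GET / HTTP/1.1\r\nHost: example.test\r\nX-Forwarded-For: 10.0.0.1\r\n\r\n")

def demo() -> bytes:
    peer, rest = split_proxy_v1(SAMPLE)
    return add_forwarded_for(rest, peer[0])

if __name__ == "__main__":
    print(demo().decode("ascii"))
```

The header is only trustworthy when the connection really comes from the load balancer, so a listener like this should accept connections from the load balancer's addresses only.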