Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

kubernetes nginx ingress with proxy protocol ended up with broken header

I try to setup nginx ingress (nodeport) on google container with proxy protocol so that the real ip can be forwarded to backend service, but ended up with broken header.

2017/02/05 13:48:52 [error] 18#18: *2 broken header: "�����~��]H�k��m[|����I��iv.�{y��Z �嵦v�Ȭq���2Iu4P�z;�    o$�s����"���+�/�,�0̨̩����/" while reading PROXY protocol, client: 10.50.0.1, server: 0.0.0.0:443

If without the proxy protocol, thing works well. According to the https://blog.mythic-beasts.com/2016/05/09/proxy-protocol-nginx-broken-header/ this is due to the protocol v2 is used (binary), but nginx only can speak v1. Any suggestion?

like image 397
ken Avatar asked Feb 06 '17 02:02

ken


1 Answers

GKE: With kubernetes v1.6+ source ip is preserved by default and can be found in headers under x-real-ip without setting any extra nginx config.

AWS: Source ip can be preserved by adding this to the annotations

apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
  labels:
    app: nginx-ingress

Checkout this link https://github.com/kubernetes/ingress/tree/master/examples/aws/nginx

like image 126
Phanindra Avatar answered Nov 15 '22 09:11

Phanindra