Add docs/examples for proxy_protocol

2016-05-06 09:23:52 +01:00 · 2016-05-06 09:23:52 +01:00 · ca53e1efb4
commit ca53e1efb4
parent 2db2324c6c
5 changed files with 112 additions and 0 deletions
--- a/controllers/nginx/README.md
+++ b/controllers/nginx/README.md
@ -132,6 +132,14 @@ To disable this behavior use `hsts=false` in the NGINX ConfigMap.
 NGINX provides the configuration option [ssl_buffer_size](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size) to allow the optimization of the TLS record size. This improves the [Time To First Byte](https://www.igvita.com/2013/12/16/optimizing-nginx-tls-time-to-first-byte/) (TTTFB). The default value in the Ingress controller is `4k` (nginx default is `16k`);


+## Proxy Protocol
+
+If you are using a L4 proxy to forward the traffic to the NGINX pods and terminate HTTP/HTTPS there, you will lose the remote endpoint's IP addresses. To prevent this you could use the [Proxy Protocol](http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt) for forwarding traffic, this will send the connection details before forwarding the acutal TCP connection itself.
+
+Amongst others [ELBs in AWS](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html) and [HAProxy](http://www.haproxy.org/) support Proxy Protocol.
+
+Please check the [proxy-protocol](examples/proxy-protocol/) example
+
 ## Exposing TCP services

 Ingress does not support TCP services (yet). For this reason this Ingress controller uses a ConfigMap where the key is the external port to use and the value is