Extensive issue configuring Nova with proxy protocol

This post is just to let you know that I had experienced an extensive issue configuring proxy protocol with Nova and in the end, Nova just doesn’t support it.
I could not find any support online so someone will land on this one day and be happy to know about it.

So beware if you try to move over with the proxy protocol setting using a DigitalOcean load balancer with the proxy function turned on.

server {
    listen 80 proxy_protocol;
    set_real_ip_from xxx.xxx.xxx.xxx;
    real_ip_header proxy_protocol;
}
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;

Instead of using the above, you just need to use the below with Nova.

real_ip_header X-Forwarded-For;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

This also works with a DigitalOcean load balancer, but you must turn off the proxy in DigitalOcean.

Hi,

The X-Forwarded-For (XFF) header is a de-facto standard header for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer. When traffic is intercepted between clients and servers, server access logs contain the IP address of the proxy or load balancer only. To see the original IP address of the client, the X-Forwarded-For request header is used.

The proxy protocol is used to achieve a similar purpose at layer 4 where layer 7 headers tend to be inaccessible for proxies.

So for HTTP/HTTPS traffic, using the X-Forwarded-For (XFF) header is the standards-compliant way of getting client IP information through a proxy to application servers.

Cheers.

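The two mechanisms discussed in this thread, as an added example that is not part of either post and is not Nova or nginx code: a backend that resolves the client address either from a PROXY protocol v1 line or from X-Forwarded-For, and in both cases only when the TCP peer is the load balancer. The `TRUSTED` range, the function names and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample values: the load balancer's address range and documentation IPs.
TRUSTED = [ipaddress.ip_network("10.0.0.0/8")]

def is_trusted(addr):
    return any(ipaddress.ip_address(addr) in net for net in TRUSTED)

def parse_proxy_v1(line):
    """Return the source IP from a PROXY protocol v1 line, or None for UNKNOWN."""
    if not (line.startswith(b"PROXY ") and line.endswith(b"\r\n")) or len(line) > 107:
        raise ValueError("not a PROXY v1 header")
    parts = line[:-2].decode("ascii").split(" ")
    if parts[1] == "UNKNOWN":
        return None
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
    if src.version != dst.version or src.version != int(parts[1][3]):
        raise ValueError("address family mismatch")
    if not all(p.isdigit() and int(p) <= 65535 for p in parts[4:]):
        raise ValueError("bad port")
    return str(src)

def client_from_xff(peer, xff):
    """Pick the client IP from X-Forwarded-For, walking right to left."""
    if not is_trusted(peer):
        return peer  # header set by an untrusted peer: ignore it entirely
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop  # first address not appended by our own proxies
        except ValueError:
            return peer  # unparseable entry: fall back to the TCP peer
    return hops[0] if hops else peer

def resolve_client(peer, first_line, xff=""):
    """first_line is the first line read from the connection."""
    if first_line.startswith(b"PROXY "):
        if not is_trusted(peer):
            raise ValueError("PROXY header from untrusted peer")
        return parse_proxy_v1(first_line) or peer
    return client_from_xff(peer, xff)
```

A backend that is not expecting the PROXY line sees it as a malformed HTTP request line, which is why the load balancer setting and the backend configuration have to match.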