Sign in
1 min read digitalocean

Forwarding Client Connection Info in Your DigitalOcean Kubernetes Setup with PROXY Protocol

Forwarding Client Connection Info in Your DigitalOcean Kubernetes Setup with PROXY Protocol
Photo of the sky, somewhere on Lolland, Denmark

In this blog post, we’ll delve into enabling the PROXY protocol on DigitalOcean's LoadBalancer using ingress-nginx in order to forward client IP addresses.

Our focus will be on forwarding client IP addresses, a crucial step for scenarios such as IP-based geolocation or access restriction based on IP.

Let’s dive into the details! 🌊🪸

⚠️
I assume you already have an Ingress NGINX Controller installed and running

Enable PROXY protocol on the Ingress NGINX Controller

First, we need to edit the ConfigMap:

kubectl edit configmap ingress-nginx-controller

Under data add use-proxy-protocol and set it to "true"

This will allow the Ingress NGINX Controller to parse the PROXY protocol header.

apiVersion: v1
data:
  use-proxy-protocol: "true"
⚠️
Notice: this is a string and NOT a boolean 😮

Enable PROXY protocol on the LoadBalancer

Lastly, we need to edit the Ingress NGINX Controller service, where we specifically enable the PROXY protocol on the DigitalOcean LoadBalancer, so it will pass the real client IP:

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"

You might also like...

Feb
13
How to Connect Ghost to a Managed MySQL Database on DigitalOcean with Helm

How to Connect Ghost to a Managed MySQL Database on DigitalOcean with Helm

So, you installed Ghost on your Kubernetes cluster with the bitnami/ghost Helm chart. That's pretty cool, congrats!
3 min read