Hopefully someone can shed some light on this for me. I have been trying to get it working all morning, and am finally throwing in the towel for now.
So the situation is, we are using AWS ELB with SSL. There is SSL termination on the load balancer however we also forward the traffic down via SSL. We have proxy protocol enabled on the ELB, so after the ELB terminates the SSL it attaches the proxy protocol header to the packet then re encoded the entire packet. Once the packet arrives at NGINX if I have the following config line
listen 443 ssl proxy_protocol;
NGINX attempts to read the proxy protocol header and fails. This seems reasonable to me, I understand. However what I want to do is terminate the SSL here then handle the proxy protocol header and continue forwarding the data with the proxy protocol info appended as x-forwarded-for headers. Unfortunately, when I remove proxy_protocol from the listen NGINX then throws the following error
client sent invalid request while reading client request line, client: ZZ.ZZ.ZZ.ZZ, server: , request: "PROXY TCP4 XX.XX.XX.XX YY.YY.YY.YY 49225 443"
Again, this does make sense. I understand why it is happening but can not figure out a workaround, if there is one.
Any suggestions? Thanks in advance!
EDIT: I was going to try and compile with the stream module, then set 'proxy_protocol on' for the upstream but my fear is that it will still fail or try to add a second proxy protocol header.
So the situation is, we are using AWS ELB with SSL. There is SSL termination on the load balancer however we also forward the traffic down via SSL. We have proxy protocol enabled on the ELB, so after the ELB terminates the SSL it attaches the proxy protocol header to the packet then re encoded the entire packet. Once the packet arrives at NGINX if I have the following config line
listen 443 ssl proxy_protocol;
NGINX attempts to read the proxy protocol header and fails. This seems reasonable to me, I understand. However what I want to do is terminate the SSL here then handle the proxy protocol header and continue forwarding the data with the proxy protocol info appended as x-forwarded-for headers. Unfortunately, when I remove proxy_protocol from the listen NGINX then throws the following error
client sent invalid request while reading client request line, client: ZZ.ZZ.ZZ.ZZ, server: , request: "PROXY TCP4 XX.XX.XX.XX YY.YY.YY.YY 49225 443"
Again, this does make sense. I understand why it is happening but can not figure out a workaround, if there is one.
Any suggestions? Thanks in advance!
EDIT: I was going to try and compile with the stream module, then set 'proxy_protocol on' for the upstream but my fear is that it will still fail or try to add a second proxy protocol header.