Using Proxy Protocol with NodeBalancers

When a Linode NodeBalancer passes a request from a client to a back-end node, information regarding the original client is not included by default. While this is fine for many environments, your applications may require original client information such as IP address or port. For these cases, Linode NodeBalancers support Proxy Protocol for TCP connections so that you can pass client information to back-end nodes.

What is Proxy Protocol

Proxy Protocol is an internet protocol for various high availability and load balancing solutions to carry information about a client directly to back-end servers.

When selecting TCP as your NodeBalancer protocol, you can enable Proxy Protocol to add a header containing client information to back-end nodes.

📘

Back-end nodes must also have Proxy Protocol enabled on supported applications to receive the client information header.

Additional configuration options may need to be enabled on the application or service to accommodate traffic between the node and the NodeBalancer, including allowing IPv6 and/or IPv4 traffic, and enabling traffic on all necessary ports.

Currently, there are two available versions of Proxy Protocol, v1 and v2:

  • v1: Proxy Protocol v1 adds a human readable string to all requests, similar to the following:

    PROXY TCP4 192.0.2.0 203.0.113.0 56147 80
    

    The syntax for this output is as follows:

      PROXY, PROTOCOL, CLIENT_IP, NODEBALANCER_IP, CLIENT ORIGIN PORT, NODEBALANCER PORT
    
  • v2: Proxy Protocol v2 adds a more efficient binary data header to all requests, similar to the following:

    \r\n\r\n\x00\r\nQUIT\n!\x11\x00\x0c\xach\x11\x05\xcf\xc0D8\xfe\x1e\x04\xd2
    

More information on v1 and v2 is available in the Proxy Protocol Specification.

Configure Proxy Protocol

In order to make use of Proxy Protocol, it needs to be configured on the NodeBalancer as well as each back-end node Compute Instance.

Configure the NodeBalancer

To enable Proxy Protocol for your NodeBalancer, follow the instructions below.

  1. Log in to Cloud Manager, click NodeBalancers in the left menu, and select the NodeBalancer you wish to edit. See Manage NodeBalancers.

  2. Navigate to the Configurations tab and open the port configuration you wish to edit.

  3. Ensure that the Protocol option is set to TCP, which makes the Proxy Protocol dropdown menu appear. Select the desired Proxy Protocol version.

  4. Click the Save button on the bottom of the page to Save your changes.

Configure the back-end nodes

Once Proxy Protocol is configured for your NodeBalancer, ensure that it is also enabled for the receiving software on your back-end Nodes. You can find a list of compatible software in the Proxy Protocol documentation. Here are links to guidance for enabling Proxy Protocol for common software: