AWS ELB with HTTPS termination in Rancher LB (haproxy)

After deploying a new service in AWS with Rancher and ELBs, I was not able to get the X-Forwarded-For HTTP header from my ELBs. Fixing this involves enabling the ProxyProtocol policy on the ELBs and in Rancher’s HAProxy. HAProxy overwrites the X-Forwarded-For header by default, so a small change is needed to have HAProxy add this header only if it’s not already set.

First, create an ELB with TCP listeners for ports 80 and 443. Then create a ProxyProtocol policy on it and enable that policy for both backend ports:

$ aws elb create-load-balancer-policy \
  --load-balancer-name my-load-balancer \
  --policy-name EnableProxyProtocol \
  --policy-type-name ProxyProtocolPolicyType \
  --policy-attributes AttributeName=ProxyProtocol,AttributeValue=True

$ aws elb set-load-balancer-policies-for-backend-server \
  --load-balancer-name my-load-balancer \
  --instance-port 80 \
  --policy-names EnableProxyProtocol

$ aws elb set-load-balancer-policies-for-backend-server \
  --load-balancer-name my-load-balancer \
  --instance-port 443 \
  --policy-names EnableProxyProtocol

Finally, in Rancher’s HAProxy configuration, accept the PROXY protocol on both frontends and add X-Forwarded-For only if it is not already set:

defaults
option forwardfor if-none

frontend 80
accept-proxy

frontend 443
accept-proxy
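
What this setup does on the wire, as an added example that is not part of the original post: with the policy enabled, a Classic ELB prepends a PROXY protocol version 1 line to each TCP connection, and the sketch below parses that line and then mimics the add-only-if-absent behaviour requested by "option forwardfor if-none". The function names, addresses and sample stream are constructed for this example.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest PROXY v1 line allowed by the spec, CRLF included

def parse_proxy_v1(data: bytes):
    """Split a PROXY v1 line off the front of a TCP stream.

    Returns (client_ip, client_port, remainder). The client fields are None
    for 'PROXY UNKNOWN'. Raises ValueError on a malformed header.
    """
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or unterminated PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, None, rest
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("bad PROXY v1 header")
    family = 4 if fields[1] == "TCP4" else 6
    src = ipaddress.ip_address(fields[2])
    dst = ipaddress.ip_address(fields[3])
    if src.version != family or dst.version != family:
        raise ValueError("address family mismatch")
    sport, dport = int(fields[4]), int(fields[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return str(src), sport, rest

def forwardfor_if_none(request: bytes, client_ip: str) -> bytes:
    """Add X-Forwarded-For only when the request carries none."""
    head, sep, body = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if any(l.lower().startswith(b"x-forwarded-for:") for l in lines[1:]):
        return request  # header already present: left untouched
    lines.append(b"X-Forwarded-For: " + client_ip.encode("ascii"))
    return b"\r\n".join(lines) + sep + body

# Constructed sample: what the backend receives on port 80 from the ELB.
SAMPLE = (b"PROXY TCP4 198.51.100.22 10.0.0.5 35646 80\r\n"
          b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")

def demo() -> bytes:
    ip, _port, http = parse_proxy_v1(SAMPLE)
    return forwardfor_if_none(http, ip)

if __name__ == "__main__":
    print(demo().decode("ascii"))
```

Because an existing header is kept as is, a value sent by the client passes through unchanged; the address taken from the PROXY line is the one the load balancer actually observed.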