AWS ELB with HTTPS termination in Rancher LB (haproxy)
After deploying a new service in AWS with Rancher and ELBs, I was not able to get the X-Forwarded-For HTTP header from my ELBs. Fixing this involves enabling the ProxyProtocol policy on the ELBs and in Rancher’s HAProxy. HAProxy overwrites the X-Forwarded-For header by default, so a small change is needed to have HAProxy add this header only if it’s not already set.
First, create an ELB with TCP listeners for ports 80 and 443.
- Create a new load balancer policy using the “ProxyProtocolPolicyType” policy
- Assign the new policy to the instance ports on your ELB
- Set the proxy-protocol and forwardfor options on your LB in Rancher
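
The steps above as AWS CLI calls plus the matching HAProxy directives. This is an added example, not part of the original post. The ELB name `my-elb`, the policy name `EnableProxyProtocol`, instance ports 80 and 443, the frontend names and the certificate path are assumptions.

```shell
#!/bin/sh
# Added example. ELB name, policy name and ports are constructed placeholders.
ELB_NAME="${ELB_NAME:-my-elb}"
POLICY_NAME="${POLICY_NAME:-EnableProxyProtocol}"

# Print each command by default; set DRY_RUN=0 to run it against AWS.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Create a policy of type ProxyProtocolPolicyType on the classic ELB.
create_proxy_policy() {
  run aws elb create-load-balancer-policy \
    --load-balancer-name "$ELB_NAME" \
    --policy-name "$POLICY_NAME" \
    --policy-type-name ProxyProtocolPolicyType \
    --policy-attributes AttributeName=ProxyProtocol,AttributeValue=true
}

# Attach the policy to each instance (backend) port given as an argument.
attach_proxy_policy() {
  for _port in "$@"; do
    run aws elb set-load-balancer-policies-for-backend-server \
      --load-balancer-name "$ELB_NAME" \
      --instance-port "$_port" \
      --policy-names "$POLICY_NAME"
  done
}

# Plain HAProxy directives for the receiving side. The certificate path is a
# placeholder; how Rancher's LB config field lays these out is not shown here.
haproxy_fragment() {
  cat <<'EOF'
defaults
    mode http
    # add X-Forwarded-For only when the request does not already carry one
    option forwardfor if-none
frontend fe_http
    # accept-proxy: expect the PROXY protocol line the ELB now prepends
    bind *:80 accept-proxy
frontend fe_https
    bind *:443 accept-proxy ssl crt /path/to/placeholder.pem
EOF
}

create_proxy_policy
attach_proxy_policy 80 443
haproxy_fragment
```

Once `accept-proxy` is set, HAProxy rejects connections on that port that do not begin with a PROXY protocol line. With `if-none`, an X-Forwarded-For header already present in the request is passed through unchanged, so these ports should be reachable only from the ELB.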