scottk/Biohazard
1
0
Fork 0
mirror of https://github.com/outbackdingo/Biohazard.git synced 2026-03-21 08:39:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(external-proxy-x): add README

Browse Source 
Signed-off-by: JJGadgets <git@jjgadgets.tech>
This commit is contained in:
JJGadgets
2023-04-27 04:05:54 +08:00
parent c13edf8efc
commit 2333d10d9b
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
kube/3-deploy/1-core/05-ingress/external-proxy-x/README.md Normal file
View File

@@ -0,0 +1,13 @@
# external-proxy-x
## What is this?
This HAProxy is deployed in-cluster, allowing an external host (e.g. VPS, EC2) to run HAProxy with PROXY protocol encoding and send HTTP/S traffic in TCP mode to the external-proxy-x HAProxy.
external-proxy-x will then accept the TCP connection with PROXY protocol, decrypt the HTTPS traffic, add X-Forwarded-For header based on the PROXY protocol data, and re-encrypt the HTTPS traffic to send to ingress-nginx which is the actual Ingress controller that routes to apps.
Deploying external-proxy-x will allow ingress-nginx to be deployed without any TCP + PROXY listener looping hackiness, and allows ingress-nginx to listen without PROXY. This is important if other proxies that don't support PROXY but support X-Forwarded-For are in use (e.g. CloudFlare).
## Why the name?
Because I'm basically using HAProxy for **__external__** (public) ingress traffic, to translate **__PROXY__** protocol source IP data to **__X__**-Forwarded-For header data. Thus, **__external-proxy-x__**.