From 2333d10d9bc7d94cb96c2e8dcb4edfcbbd926718 Mon Sep 17 00:00:00 2001 From: JJGadgets Date: Thu, 27 Apr 2023 04:05:54 +0800 Subject: [PATCH] feat(external-proxy-x): add README Signed-off-by: JJGadgets --- .../1-core/05-ingress/external-proxy-x/README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 kube/3-deploy/1-core/05-ingress/external-proxy-x/README.md diff --git a/kube/3-deploy/1-core/05-ingress/external-proxy-x/README.md b/kube/3-deploy/1-core/05-ingress/external-proxy-x/README.md new file mode 100644 index 00000000..ed3e6412 --- /dev/null +++ b/kube/3-deploy/1-core/05-ingress/external-proxy-x/README.md @@ -0,0 +1,13 @@ +# external-proxy-x + +## What is this? + +This HAProxy is deployed in-cluster, allowing an external host (e.g. VPS, EC2) to run HAProxy with PROXY protocol encoding and send HTTP/S traffic in TCP mode to the external-proxy-x HAProxy. + +external-proxy-x will then accept the TCP connection with PROXY protocol, decrypt the HTTPS traffic, add X-Forwarded-For header based on the PROXY protocol data, and re-encrypt the HTTPS traffic to send to ingress-nginx which is the actual Ingress controller that routes to apps. + +Deploying external-proxy-x will allow ingress-nginx to be deployed without any TCP + PROXY listener looping hackiness, and allows ingress-nginx to listen without PROXY. This is important if other proxies that don't support PROXY but support X-Forwarded-For are in use (e.g. CloudFlare). + +## Why the name? + +Because I'm basically using HAProxy for **__external__** (public) ingress traffic, to translate **__PROXY__** protocol source IP data to **__X__**-Forwarded-For header data. Thus, **__external-proxy-x__**.
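Review bot: The "What is this?" section of the new README says external-proxy-x accepts TCP connections with PROXY protocol and sets X-Forwarded-For from that data, but it never states which peers may reach that listener, nor that ingress-nginx should trust X-Forwarded-For only when the request arrives from external-proxy-x. Both the PROXY header and X-Forwarded-For are asserted by whoever sends them, so the client IP that apps and logs see is only as reliable as those two restrictions. Suggest adding a short paragraph that states how the PROXY listener is limited to the external host, whether an X-Forwarded-For already present in the request is replaced or appended to, and how the CloudFlare path mentioned in the third paragraph is trusted alongside it. It is also worth one sentence noting that HTTPS is decrypted in-cluster at external-proxy-x, so the external host only relays TCP and does not need the certificate key. Style point in "Why the name?": `**__external__**` stacks two strong-emphasis markers, and `**external**` alone expresses the same thing.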