How to set up Nginx Ingress for Load Balancers with Proxy Protocol Support

Digital Ocean just announced Proxy Protocol support for kubernetes load balancers.

How can we modify Nginx Ingress to work with the proxy protocol to get source ip of visitors?

Perhaps annotations?

I hope Digital Ocean engineers have tested proxy protocol with Nginx Ingress controllers


Can you help me for reverse proxy? From: http://localhost/api/apps/v1/* to : http://localhost/v1/*?

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I got it working!!! The answer is to create a config map with use-proxy-protocol: “true” as follows:

Step 1. Follow instructions from the tutorial

kubectl apply -f

kubectl apply -f

Step 2. Create the following configmap.yaml that includes use-proxy-protocol:

# configmap.yaml
apiVersion: v1
kind: ConfigMap
  name: nginx-configuration
  namespace: ingress-nginx
  labels: ingress-nginx ingress-nginx
  use-forwarded-headers: "true"
  compute-full-forwarded-for: "true"
  use-proxy-protocol: "true"

Step 3. Apply configmap.yaml

kubectl apply -f configmap.yaml

Step 4. Create your ingress resource:

# ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
  name: echo-ingress
  - host:
      - backend:
          serviceName: echo1
          servicePort: 80
  - host:
      - backend:
          serviceName: echo2
          servicePort: 80

Step 5. Apply your ingress resource:

kubectl apply -f ingress.yaml

Step 6. Wait for the External IP of your load balancer

kubectl get svc -n ingress-nginx

Step 7. Enable Proxy Protocol on your load balancer

Image of load balancer

Step 8. Update your DNS A records with your External IP

Best of luck …

BTW … there’s an issue with proxy protocol and the jet stack cert-manager.


My only workaround is to temporarily disable proxy protocol on the load balancer (and nginx ingress config map) allowing the certificate to be issued.

kubectl edit configmap -n ingress-nginx nginx-ingress-controller
#  use-proxy-protocol: "true"

For anyone using Helm, you can replace steps 1, 2 and 3 (above) with the following …

# nginx-ingress-controller-config.yaml
    use-forwarded-headers: "true"
    compute-full-forwarded-for: "true"
    use-proxy-protocol: "true"

helm install --namespace ingress-nginx --name nginx-ingress stable/nginx-ingress -f nginx-ingress-controller-config.yaml

This comment has been deleted