thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-08-23 16:01:57 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2587 from antoniomika/am/proxy-protocol

Browse Source 
Proxy Protocol Support
This commit is contained in:
Nicolas Duchon
2025-07-27 16:15:32 +02:00
committed by GitHub
parent 753f6d3bcd 121e7020fc
commit 6ebf9d6fac
6 changed files with 180 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
docs/README.md
View File

@@ -805,6 +805,25 @@ For legacy compatibility reasons, `nginx-proxy` forwards any client-supplied `X-
The default for `TRUST_DOWNSTREAM_PROXY` may change to `false` in a future version of `nginx-proxy`. If you require it to be enabled, you are encouraged to explicitly set it to `true` to avoid compatibility problems when upgrading.
### Proxy Protocol Support
`nginx-proxy` has support for the [Proxy Protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt). This allows a separate proxy to send requests to `nginx-proxy` and encode information about the client connection without relying on HTTP headers. This can be enabled by setting `ENABLE_PROXY_PROTOCOL=true` on the main `nginx-proxy` container. It's important to note that enabling the proxy protocol will require all connections to `nginx-proxy` to use the protocol.
You can use this feature in conjunction with the `realip` module in nginx. This will allow for setting the `$remote_addr` and `$remote_port` nginx variables to the IP and port that are provided from the protocol message. Documentation for this functionality can be found in the [nginx documentation](https://nginx.org/en/docs/http/ngx_http_realip_module.html).
A simple example is as follows:
1. Create a configuration file for nginx, this can be global (in `conf.d`) or host specific (in `vhost.d`)
2. Add your `realip` configuration:
```nginx
# Your proxy server ip address
set_real_ip_from 192.168.1.0/24;
# Where to replace `$remote_addr` and `$remote_port` from
real_ip_header proxy_protocol;
```
⬆️ [back to table of contents](#table-of-contents)
## Custom Nginx Configuration
@@ -1329,6 +1348,7 @@ Configuration available either on the nginx-proxy container, or the docker-gen c
| [`ENABLE_HTTP2`](#http2-support) | `true` |
| [`ENABLE_HTTP3`](#http3-support) | `false` |
| [`ENABLE_IPV6`](#listening-on-ipv6) | `false` |
| [`ENABLE_PROXY_PROTOCOL`](#proxy-protocol-support) | `false` |
| [`HTTP_PORT`](#custom-external-httphttps-ports) | `80` |
| [`HTTPS_PORT`](#custom-external-httphttps-ports) | `443` |
| [`HTTPS_METHOD`](#how-ssl-support-works) | `redirect` |
@@ -1451,6 +1471,7 @@ curl -s -H "Host: test.nginx-proxy.tld" localhost/nginx-proxy-debug | jq
"enable_debug_endpoint": "true",
"enable_http2": "true",
"enable_http3": "false",
"enable_proxy_protocol": "false",
"enable_http_on_missing_cert": "true",
"enable_ipv6": false,
"enable_json_logs": false,