Skip to content

Allow the use of TCP ProxyProtocol in ELB AWS

Cristhian requested to merge crileroro/gitlab:2140-add-option-tcp-proxy-protocol into master

What does this MR do?

  • This allows the ProxyProtocol to be enabled (By default it is disabled to keep the current status) which can be useful when implementing an ELB in AWS.
  • PROXY string is added to the nginx-tcp-configmap when enabling the ProxyProtocol. This way the ProxyProtocol header will only be decoded.
  • Tested in a EKS cluster (v1.18.9) using the default configuration of the Gitlab Helm Chart:
    • The real client IP address is properly sent to the destination. This was verified in the nginx-ingress-controller logs.
    • This configuration does not break SSH.

Related issues

#2140 (closed)

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

  • Merge Request Title and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on GitLab.com

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Tests added
  • Integration tests added to GitLab QA
  • Equivalent MR/issue for omnibus-gitlab opened
Edited by Cristhian

Merge request reports