Proxy_protocol v2 support for Kong

faisal · 2018-10-29 23:40:20 UTC

Is anyone aware of a workaround for supporting proxy_protocol_v2 with kong?

I am running Kong in aws fargate behind an NLB. Since NLB does not preserve source ip, I decided to use NLB’s proxy_protocol_v2 to implement IP whitelisting. However, kong and openresty both are still on 0.13.6.1, and proxy_protocol_v2 was implemented in nginx 1.13.11 (03 Apr 2018).

Is it possible to safely update nginx version shipped with kong?
Is anyone aware of a better way to support ip whitelisting with NLB and fargate?

Thanks.

http://nginx.org/en/CHANGES
Changes with nginx 1.13.11 03 Apr 2018

*) Feature: the "proxy_protocol" parameter of the "listen" directive now
   supports the PROXY protocol version 2.

thibaultcha · 2018-10-30 22:35:43 UTC

Hi,

Until we bump our underlying nginx core version, you will not be able to use this option. We are waiting for a new OpenResty release (based on the 1.15 nginx core) to proceed.

The good news is that OpenResty 1.15.5.1rc0 was released yesterday (see https://github.com/openresty/openresty/issues/353#issuecomment-434153093), so a 1.15 based Kong version is now in sight on the horizon.