I followed the guide at http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html to enable the Proxy Protocol on both my TCP listeners (ports 80 and 443). I ran the following commands on one of my EC2 instances:

    aws elb create-load-balancer-policy \
        --load-balancer-name 'proxy-connect-test' \
        --policy-name EnableProxyProtocol \
        --policy-type-name ProxyProtocolPolicyType \
        --policy-attributes AttributeName=ProxyProtocol,AttributeValue=true
    echo "Enabling policy on :80"
    aws elb set-load-balancer-policies-for-backend-server \
        --load-balancer 'proxy-connect-test' \
        --instance-port 80 --policy-names 'EnableProxyProtocol'
    echo "Enabling policy on :443"
    aws elb set-load-balancer-policies-for-backend-server \
        --load-balancer 'proxy-connect-test' --instance-port 443 \
        --policy-names 'EnableProxyProtocol'

I can confirm that the policies have been recorded by using describe-load-balancers:

    "BackendServerDescriptions": [
        {
            "InstancePort": 80,
            "PolicyNames": [
                "EnableProxyProtocol"
            ]
        },
        {
            "InstancePort": 443,
            "PolicyNames": [
                "EnableProxyProtocol"
            ]
        }
    ],

But, when I make requests to either of those ports, I can't see the Proxy Protocol header when using tcpdump. I can make requests successfully through the back-end servers with both HTTP and HTTPS but I just don't seem to get the expected PROXY header.
I'm not using any other kind of proxy between my clients (openssl s_client, Firefox) and the backend web server (where tcpdump is observing the connection). The listeners are TCP:80 -> TCP:8080 and TCP:443 -> TCP:8443.
Do I have to do anything else to get the Proxy Protocol enabled on my ELB?
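
Added example (not part of the original post): `set-load-balancer-policies-for-backend-server` attaches a policy to a back-end instance port, so one check for a setup like this is whether the ports carrying the policy are the ports the listeners actually forward to. The JSON below is a constructed sample in the shape of `describe-load-balancers` output, filled with the values quoted in the post; `audit_backend_policy` and `report` are hypothetical helper names.

```python
import json

# Constructed sample in the shape of `aws elb describe-load-balancers` output,
# filled with the listener mappings and backend policies quoted in the post.
SAMPLE = json.loads("""
{"LoadBalancerDescriptions": [{
  "LoadBalancerName": "proxy-connect-test",
  "ListenerDescriptions": [
    {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 80,
                  "InstanceProtocol": "TCP", "InstancePort": 8080}},
    {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 443,
                  "InstanceProtocol": "TCP", "InstancePort": 8443}}
  ],
  "BackendServerDescriptions": [
    {"InstancePort": 80, "PolicyNames": ["EnableProxyProtocol"]},
    {"InstancePort": 443, "PolicyNames": ["EnableProxyProtocol"]}
  ]
}]}
""")


def audit_backend_policy(lb, policy_name):
    """Return (uncovered, orphaned) instance ports for one load balancer.
    uncovered: ports a listener forwards to that lack the backend policy
    orphaned:  ports carrying the policy that no listener forwards to
    """
    forwarded = {d["Listener"]["InstancePort"]
                 for d in lb.get("ListenerDescriptions", [])}
    with_policy = {b["InstancePort"]
                   for b in lb.get("BackendServerDescriptions", [])
                   if policy_name in b.get("PolicyNames", [])}
    return sorted(forwarded - with_policy), sorted(with_policy - forwarded)


def report(doc, policy_name="EnableProxyProtocol"):
    """Build one finding line per mismatched port across all load balancers."""
    findings = []
    for lb in doc["LoadBalancerDescriptions"]:
        uncovered, orphaned = audit_backend_policy(lb, policy_name)
        name = lb["LoadBalancerName"]
        findings += [f"{name}: listener forwards to :{p} without {policy_name}"
                     for p in uncovered]
        findings += [f"{name}: {policy_name} set on :{p}, which no listener uses"
                     for p in orphaned]
    return findings


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

To run it against a live load balancer, replace `SAMPLE` with the parsed output of `aws elb describe-load-balancers`.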