🎉 Announcing new lower pricing — up to 40% lower costs for Cloud Servers and Cloud SQL! Read more →

PROXY Protocol support for Brightbox Load Balancers

Our Load Balancer API now supports the PROXY Protocol, which is a standard for sending client connection information from proxies through to back end servers.

It works in a similar way to the X-Forwarded-For HTTP header — the load balancer sends the client IP address (and optionally other information) to the backend server before the actual data — except it works for any kind of TCP connection and not just HTTP.

So if you’re load balancing SMTP, for example, your SMTP servers are able to learn the true client IP address — critical for various anti-spam detection systems. Or if you’re load balancing MySQL, your MySQL servers are able to properly apply IP access control.

Your backend services need to support the protocol, but it’s fairly widespread and well supported.

Our new PROXY Protocol support is especially useful for Kubernetes deployments, particularly if you’re using the NGINX ingress controller and want to manage your own Let’s Encrypt certificates. If you use our Kubernetes Cloud Controller Manager, it will now handle adding the relevant backends with the appropriate ports as and when things change too. Just add the brightbox-load-balancer-listener-proxy-protocol annotation:

apiVersion: v1
kind: Service
type: LoadBalancer
metadata:
  name: web
  annotations:
    service.beta.kubernetes.io/brightbox-load-balancer-listener-protocol: "tcp"
    service.beta.kubernetes.io/brightbox-load-balancer-healthcheck-protocol: "tcp"
    service.beta.kubernetes.io/brightbox-load-balancer-listener-proxy-protocol: "v2"
spec:
  selector:
    app: myapp
  ports:
  - name: web
    port: 443
    protocol: TCP
    targetPort: https

There are multiple versions of the protocol that can provide different information, such as SSL information, including client certificate details. Our reference docs have more details on the available options.

Support for PROXY Protocol is already available in our Kubernetes Cloud Controller, version 1.13.4 and updates to our CLI and Brightbox Manager will follow soon!

Get started with Brightbox Sign up takes just two minutes...