How to configure PROXY protocol in varnish upstream

Question

I found that to accept PROXY protocol connections in varnish all I need to do is to run varnish with extra -a :1234,PROXY parameter. But what about sending those connections to upstream?

If I have following infrastructure:

- TLS -|- VARNISH -|- NGINX - PHP
       |           |- ...
- TLS -|- VARNISH -|- NGINX - PHP

How should I configure Varnish to use PROXY protocol in Varnish -> Nginx connection.

score 3 · Accepted Answer · answered Jul 27 '22 at 07:09

As described in https://varnish-cache.org/docs/6.0/reference/vcl.html#backend-definition, you can add a .proxy_header property to your backend definition to forward the PROXY protocol to your origin webserver.

Here's an example definition:

vcl 4.1;

backend default {
    .host = "localhost";
    .port = "8080";
    .proxy_header = 2;
}

This assumes Nginx is running locally on port 8080 and supports PROXY protocol v2.

While Nginx supports listen 8080 proxy_protocol;, I'm not sure this is part of their open source offering.

The documentation on https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/ refers to Nginx Plus though.

How to configure PROXY protocol in varnish upstream

1 Answers1