feat(contrib/ec2): Setup proxy protocol by default

johanneswuerbach · johanneswuerbach · commit 4f634ed1275c · 2015-04-29T15:52:56.000+02:00
diff --git a/contrib/ec2/deis.template.json b/contrib/ec2/deis.template.json
@@ -287,20 +287,29 @@
         "HealthCheck": {
           "HealthyThreshold": "4",
           "Interval": "15",
-          "Target": "HTTP:80/health-check",
+          "Target": "TCP:80",
           "Timeout": "5",
           "UnhealthyThreshold": "2"
         },
         "Subnets": [
           { "Ref" : "Subnet1" },
           { "Ref" : "Subnet2" }
         ],
+        "Policies" : [{
+           "PolicyName" : "EnableProxyProtocol",
+           "PolicyType" : "ProxyProtocolPolicyType",
+           "Attributes" : [{
+              "Name"  : "ProxyProtocol",
+              "Value" : "true"
+           }],
+           "InstancePorts" : ["80", "443"]
+        }],
         "Listeners": [
           {
             "InstancePort": "80",
-            "InstanceProtocol": "HTTP",
+            "InstanceProtocol": "TCP",
             "LoadBalancerPort": "80",
-            "Protocol": "HTTP"
+            "Protocol": "TCP"
           },
           {
             "InstancePort": "443",
diff --git a/contrib/ec2/provision-ec2-cluster.sh b/contrib/ec2/provision-ec2-cluster.sh
@@ -55,15 +55,15 @@ SLEEPTIME=10
 COUNTER=1
 INSTANCE_IDS=""
 until [ $(wc -w <<< $INSTANCE_IDS) -eq $DEIS_NUM_INSTANCES -a "$STACK_STATUS" = "CREATE_COMPLETE" ]; do
-    if [ $COUNTER -gt $ATTEMPTS ]; then 
+    if [ $COUNTER -gt $ATTEMPTS ]; then
         echo "Provisioning instances failed (timeout, $(wc -w <<< $INSTANCE_IDS) of $DEIS_NUM_INSTANCES provisioned after 10m)"
         echo "Destroying stack $STACK_NAME"
         bailout
         exit 1
     fi
 
     STACK_STATUS=$(aws --output text cloudformation describe-stacks --stack-name $STACK_NAME --query 'Stacks[].StackStatus')
-    if [ $STACK_STATUS != "CREATE_IN_PROGRESS" -a $STACK_STATUS != "CREATE_COMPLETE" ] ; then 
+    if [ $STACK_STATUS != "CREATE_IN_PROGRESS" -a $STACK_STATUS != "CREATE_COMPLETE" ] ; then
       echo "error creating stack: "
       aws --output text cloudformation describe-stack-events \
           --stack-name $STACK_NAME \
@@ -127,3 +127,20 @@ echo "Using ELB $ELB_NAME at $ELB_DNS_NAME"
 
 echo_green "Your Deis cluster has been successfully deployed to AWS CloudFormation and is started."
 echo_green "Please continue to follow the instructions in the documentation."
+
+FIRST_INSTANCE=$(aws ec2 describe-instances \
+    --filters Name=tag:aws:cloudformation:stack-name,Values=$STACK_NAME Name=instance-state-name,Values=running \
+    --query 'Reservations[].Instances[].[PublicIpAddress]' \
+    --output text | head -1)
+echo_green "Setting DEISCTL_TUNNEL=$FIRST_INSTANCE"
+export DEISCTL_TUNNEL=$FIRST_INSTANCE
+echo_green "Enabling proxy protocol"
+
+if ! deisctl config router set proxyProtocol=1; then
+    echo_red "#"
+    echo_red "# Enabling proxy protocol failed, please enable proxy protocol "
+    echo_red "# manually after finishing your deis cluster installation."
+    echo_red "#"
+    echo_red "# deisctl config router set proxyProtocol=1"
+    echo_red "#"
+fi
diff --git a/docs/installing_deis/aws.rst b/docs/installing_deis/aws.rst
@@ -189,6 +189,13 @@ Run the cloudformation provision script to spawn a new CoreOS cluster:
     The default name of the CloudFormation stack will be ``deis``. You can specify a different name
     with ``./provision-ec2-cluster.sh <name>``.
 
+Remote IPs behind your ELB
+--------------------------
+
+The ELB you just created is load-balancing raw TCP connections, which is required for custom domain SSL
+and WebSockets. As remote IPs are by default not visible behind a TCP-Proxy, the ELB and your cluster routers
+were created with `Proxy Protocol`_ enabled.
+
 
 Configure DNS
 -------------
@@ -229,3 +236,4 @@ Please reference the AWS documentation for `more information about CloudFormatio
 .. _`PyYAML`: http://pyyaml.org/
 .. _`update_ec2_cluster.sh`: https://github.com/deis/deis/blob/master/contrib/ec2/update-ec2-cluster.sh
 .. _`More information about CloudFormation stack updates`: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html
+.. _`Proxy Protocol`: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html
