Gabe Ortiz

Systems Engineer. Charcutier.

Preserving source IP — Postfix behind Amazon ELB

AWS_ELB_Postfix.png Why run Postfix behind an ELB instead of doing DNS round-robin? Lots of reasons. It’s a lot easier to autoscale, for one. You get increased control over load distribution, you don’t have to wait for DNS propagation. But wait, won’t I lose the source IP since we’ll have to do TCP load balancing? No, of course not — that was a rhetorical question. Here’s how it’s done.

Amazon ELB supports Proxy Protocol. This will write a TCP header that can later be read by applications which support it. Luckily for us, Postfix supports Proxy Protocol in versions 2.10 and above.

Unfortunately, the AWS web console doesn’t have an easy way to enable Proxy Protocol, but it’s pretty easy to accomplish with the AWS CLI tools. First, we need to create a policy:

aws elb create-load-balancer-policy --load-balancer-name YOUR-ELB-HERE --policy-name EnableProxyProtocol --policy-type-name ProxyProtocolPolicyType...

Continue reading →

Subscribe to Gabe Ortiz

Don’t worry; we hate spam with a passion.
You can unsubscribe with one click.