Using NGINX Plus to decode Proxy Protocol TLV linkIdentifier from Azure Private Link Service
In this video, we look at how to use NGINX Plus to get the TCP Proxy Protocol v2 TLV from the Azure Private Link Service and extract and decode the numeric linkIdentifier (aka LINKID) of the private endpoint connection.
Update March 2023: There is now better integration with cloud specific headers directly in the NGINX Plus which may no longer required NJS code described in this article. Please see the documentation for ngx_http_proxy_protocol_vendor_module.
Prior to watching this deep dive video, I recommend to review Azure Private Link Service explanation and demos from provider (SaaS ISV) and consumer perspectives and TCP Proxy Protocol v2 with Azure Private Link Service — Deep Dive.
Tip: Play the video full screen or on YouTube.
03:05 NGINX Plus
13:15 Decoding TLV
18:20 Seeing the linkIdentifier
- Deploy simple Azure Private Link provider and consumer (video)
- Understand TCP Proxy Protocol v2 with Azure Private Link Service (video)
- Install NGINX Plus on provider’s backend VMs
Code snippets for NGINX Plus
azure_privatelink.js and nginx.conf in /etc/nginx directory
Please leave feedback and questions below, on the YouTube video, or on Twitter https://twitter.com/ArsenVlad