I noticed an odd quirk while configuring NGINX to accept PROXY protocol headers from a load balancer. I thought I'd share a quick note about using proxy_protocol, and its effects across multiple server directives sharing the same port.

When using proxy_protocol, it's enabled for all server directives that share the same port. Take for example the following configuration:

server {
  listen 80;
  server_name _;

  allow 172.31.0.0/32;

  location /health {
    access_log off;
    add_header Content-Type text/plain;
    return 200 "OK";
  }
}

server {
  listen 80 proxy_protocol;
  server_name example.com;

  location / {
    return 301 https://$host$request_uri;
}

example.com:80 has proxy_protocol enabled, thus enabling proxy_protocol on all port 80 requests. Requests to the former /health path would return a 400 Bad Request since it's expecting a PROXY protocol header that isn't there for AWS ELB health checks.

This can be mitigated by using a different port for server directives (in this case, we'd have our health check server block use port 8080, for example).