I don't have the time for that. And also, I think the PROXY method isn't an official HTTP method, right?
Why not simply use HTTPS from the load balancer to the backend webserver?
16 July 2017, 22:38
That's fair Hugo. Proxy proto is not part of HTTP, you are correct. The whole point is being able to relay this information without breaking the end-to-end encrypted connection, so it uses the TCP layer to communicate with backends. In some cases, breaking the connection (and re-encripting)at the LB as you suggest, present us with a transitory trust problem where we need to trust the LB which means expanding the scope of the security design of the solution.
I understand it's not going to be supported, just wanted to provide a rationale for the request.