Proxy Protocol V2 with Disabling client IP preservation in NLB Target groups

0


Here, I am doing some R&D type of activity. I have a network load balancer and an EC2 instance running in my private network. On the EC2 instance, nginx is installed and configured to accept proxy v2. I have configured the log format as follows in order to log the original client IP of the request.

log_format compression '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" "$gzip_ratio"';

I have enabled proxy V2 on the network load balancer and disabled client IP preservation. The security group attached to the EC2 instance allows traffic only from the network load balancer IP.

What I want to do is allow traffic only from the Network Load Balancer, and I want to retrieve the original client IP from the proxy headers. Allowing traffic from the NLB is working properly, but with the above setup nginx still logs the NLB's IP as the client IP. What is the issue with this setup?

2 Answers
1

Thanks for the detailed description.

In this case, $remote_addr still captures the IP address of the NLB node. Try adding $proxy_protocol_addr to the log_format and see if this helps, with more details in https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/.

AWS
weidi
answered 2 years ago
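
One way to apply the suggestion above in the nginx configuration, as an added example that is not part of the original answer. The subnet CIDR, log path and the format name `proxied` are assumptions, and it assumes nginx 1.13.11 or later (PROXY protocol v2 support) built with ngx_http_realip_module:

```nginx
# Added example, not from the original thread. CIDR, paths and names are placeholders.
http {
    # Log the client address taken from the PROXY protocol header next to the
    # TCP peer address (the NLB node), so both are visible for every request.
    log_format proxied '$proxy_protocol_addr via $realip_remote_addr - $remote_user [$time_local] '
                       '"$request" $status $body_bytes_sent '
                       '"$http_referer" "$http_user_agent"';

    server {
        # The proxy_protocol parameter makes nginx parse the PROXY header that
        # the NLB prepends to each connection on this listener.
        listen 80 proxy_protocol;
        server_name _;

        access_log /var/log/nginx/access.log proxied;

        # Optional: let the realip module overwrite $remote_addr with the
        # address from the PROXY header, but only for connections that
        # arrive from the load balancer's subnets.
        set_real_ip_from 10.0.0.0/24;   # assumed NLB subnet CIDR
        real_ip_header   proxy_protocol;

        location / {
            # After realip processing, $remote_addr is the original client and
            # $realip_remote_addr is the NLB node that opened the connection.
            return 200 "client=$remote_addr peer=$realip_remote_addr\n";
        }
    }
}
```

Keep `set_real_ip_from` limited to the load balancer's subnets: the address in a PROXY header is whatever the connecting peer wrote, so it is only trustworthy when the peer is the NLB.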
0

Hello - any updates on this issue? We are also facing the same issue in our EKS env - we are using the nginx ingress controller with NLB with proxy protocol and can't see the original client IP in the requests/logs.

Is there any configuration that can help pass the client IP on into the nginx pods and the EKS backend pods?

answered 1 year ago
