Thanks for the detailed description.
In this case,
$remote_addr still captures the IP address of the NLB node. Try adding
$proxy_protocol_addr to the log_format and see if this helps, with more details in https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/.
NLB IP preservation over peering target groupasked 2 months ago
EKS NLB target groups protocol change to httpsAccepted Answerasked a month ago
NLB Preserving Client IPAccepted Answerasked 2 years ago
[Feature request] dualstack NLB target groupsasked 2 months ago
Network Load Balancer SSH with Proxy V2 and Client IP Preservingasked 7 days ago
Source IP using PrivateLink and NLBAccepted AnswerMODERATORasked 3 years ago
Proxy Protocol V2 with Disabling client IP preservation in NLB Target groupsasked 10 days ago
Client IP Preservation for Network Load Balancer endpoints for Global Acceleratorasked 8 months ago
AWS NLB security groupasked 9 months ago
How does it work differently per target group?Accepted Answerasked 4 years ago