Configure TCP → Proxy rule

Last update: August 21 2024

Configure TCP → Proxy rule

To see the actual IP addresses of the clients that access the load balancer, you can create a TCP → Proxy rule and use the Proxy Protocol. The client information will be added to the connection header.

Read more in the instructions Changing the IP address of the load balancer to the client IP address nginx documentation.

For HTTP

1. Make sure that created a load balancer with the following parameters:

   • for target group — PROXY protocol and port 80;
   • for rules — TCP protocol and port 80.

   Available balancers can be viewed at control panels under Cloud platform →Balancers → tab Balancers.

2. Connect to the cloud server from the task force.

3. Install and configure nginx:

   apt update
   apt install nginx
   systemctl start nginx

4. Open the configuration file on the cloud server:

   nano /etc/nginx/sites-enabled/default

5. Change the lines in the block server:

   server {
       listen 80 proxy_protocol;
   
       set_real_ip_from <loadbalancer_ip_address>;
       real_ip_header proxy_protocol;
   
       ...
   }

   Specify <loadbalancer_ip_address> — the private IP address of the load balancer, e.g. 192.168.0.3. You can look in control panels under Cloud platform → Balancers → tab Balancers → load balancer page. Used as a trusted address — more about to the set_real_ip_from directive in the nginx documentation.

For HTTPS

1. Make sure that created a load balancer with the following parameters:

   • for target group — PROXY protocol and port 80;
   • for rules — TCP protocol and port 80.

   Available balancers can be viewed at control panels under Cloud platform →Balancers → tab Balancers.

2. Connect to the cloud server from the task force.

3. Install and configure nginx:

   apt update
   apt install nginx
   systemctl start nginx

4. Open the configuration file on the cloud server:

   nano /etc/nginx/sites-enabled/default

5. Change the lines in the block server:

   server {
       listen 443 ssl proxy_protocol;
   
       ssl_certificate /etc/nginx/ssl/public.example.com.pem;
       ssl_certificate_key /etc/nginx/ssl/public.example.com.key;
   
       set_real_ip_from <loadbalancer_ip_address>;
       real_ip_header proxy_protocol;
   
       ...
   }

   Specify <loadbalancer_ip_address> — the private IP address of the load balancer, e.g. 192.168.0.3. You can look in control panels under Cloud platform → Balancers → tab Balancers → load balancer page. Used as a trusted address — more about to the set_real_ip_from directive in the nginx documentation.