ProxyProtocol get Source IP
Get real visitor IP using OVH Load Balancer with ProxyProtocol
In this case, we want to get the source IP and scheme through the OVH Load Balancing API, without installing our SSL certificate on the load balancer. This is helpful if you have many domains with many SSL certificates.
We assume you already have an OVH Load Balancer HTTP configured; if not, follow ..refs:fr/fr/cloud/iplb/configure-iplb
You have:
For this example we use this minimal nginx configuration on each backend.
```nginx
# Log format that records the client address carried in the PROXY protocol header.
log_format proxyprotocol '$proxy_protocol_addr - $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$request_time"';

# Plain HTTP, reached directly.
server {
    listen 80;
    listen [::]:80;
    server_name domain.tld www.domain.tld;
    root /var/www/domain.tld/htdocs;
    access_log /var/www/domain.tld/logs/access.log;
}

# Plain HTTPS, reached directly.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name domain.tld www.domain.tld;
    root /var/www/domain.tld/htdocs;
    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
    access_log /var/www/domain.tld/logs/access.log;
}

# HTTP behind the load balancer. The listen parameter is spelled proxy_protocol.
server {
    listen 8080 proxy_protocol;
    listen [::]:8080 proxy_protocol;
    server_name domain.tld www.domain.tld;
    root /var/www/domain.tld/htdocs;
    access_log /var/www/domain.tld/logs/access.log proxyprotocol;
}

# HTTPS behind the load balancer: TLS still terminates on the backend.
server {
    listen 4443 ssl proxy_protocol;
    listen [::]:4443 ssl proxy_protocol;
    server_name domain.tld www.domain.tld;
    root /var/www/domain.tld/htdocs;
    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
    access_log /var/www/domain.tld/logs/access.log proxyprotocol;
}
```
You can't use ProxyProtocol and HTTP on the same port, and these protocols aren't cross-compatible.
Backend# | Public IP | Zone |
---|---|---|
backend_1 | 213.186.0.1 | rbx |
backend_2 | 213.186.0.2 | rbx |
Create a new farm for each port on the backend.
Parameter | Return 1 | Return 2 |
---|---|---|
id | 1000 | 10001 |
Parameter | Return 1 | Return 2 | Return 3 | Return 4 |
---|---|---|---|---|
id | 2000 | 20001 | 20002 | 20003 |
Don't forget to allow IPLoadbalancing traffic to your backends:
```
iptables -A INPUT -s 10.108.0.0/16 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -s 10.108.0.0/16 -p tcp --dport 4443 -j ACCEPT
```
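The following Python example is added here and is not part of the original guide or of nginx. It parses the version 1 text header of the PROXY protocol, accepts it only from the `10.108.0.0/16` range used in the iptables rules above, and rejects plain HTTP arriving on a ProxyProtocol port. That the load balancer sends the version 1 header is an assumption; `parse_proxy_v1` and the sample bytes are constructed for illustration.

```python
import ipaddress

# Source range the guide's iptables rules allow (load balancer to backend).
TRUSTED_LB_NET = ipaddress.ip_network("10.108.0.0/16")
MAX_V1_HEADER = 107  # longest version 1 header line, CRLF included

# Constructed sample: what a backend would read on port 8080.
SAMPLE = (b"PROXY TCP4 203.0.113.7 213.186.0.1 51234 8080\r\n"
          b"GET / HTTP/1.1\r\nHost: domain.tld\r\n\r\n")


def parse_proxy_v1(peer_ip, data):
    """Return (client_ip, client_port, remaining_bytes); raise ValueError if rejected."""
    # The header is only as trustworthy as its sender: a peer outside the
    # load balancer range must never be allowed to set the client address.
    if ipaddress.ip_address(peer_ip) not in TRUSTED_LB_NET:
        raise ValueError("PROXY header from a peer outside the load balancer range")
    # A plain HTTP request starts with a method, not with the PROXY signature.
    if not data.startswith(b"PROXY "):
        raise ValueError("no PROXY header (plain HTTP sent to a proxy_protocol port?)")
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ValueError("header not terminated within 107 bytes")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":  # sender could not describe the connection
        return None, None, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY header")
    src = ipaddress.ip_address(fields[2])
    dst = ipaddress.ip_address(fields[3])
    want = 4 if fields[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address family does not match " + fields[1])
    for port in fields[4:]:
        if not port.isdigit() or int(port) > 65535:
            raise ValueError("bad port")
    return str(src), int(fields[4]), rest
```

The returned client address corresponds to what nginx exposes as `$proxy_protocol_addr`, while the peer address corresponds to `$remote_addr` in the log format above.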