UpCloud: Enabling Forwarding Client IPs via the Load Balancer to Backend Web Servers
Prerequisites
What you will need for this to work:
- UpCloud Load balancer
- Web server (Apache/Nginx)
- Private SDN
By default, client IP addresses are not forwarded from the load balancer to the backend servers; the backends only see the load balancer's private address. This guide shows how to configure the load balancer and the web servers so that the client address is passed through.
UpCloud Load Balancer
- Set the Load Balancer frontend to HTTP mode.
- Add a Frontend rule for X-Forwarded headers.
- Optional: Enable the backend outbound proxy protocol v1.
Apache2
- On the server, update the webserver config file.
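    <VirtualHost *:80>
        # Expect the PROXY protocol header on incoming connections; use this
        # only when the load balancer's backend proxy protocol is enabled.
        RemoteIPProxyProtocol On
        # Take the client address from the X-Forwarded-For header.
        RemoteIPHeader X-Forwarded-For
    </VirtualHost>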
- Enable the Remote IP module.
    sudo a2enmod remoteip
- Test the changes.
    sudo apache2ctl configtest
- Restart Apache.
    sudo systemctl restart apache2
https://www.globo.tech/learning-center/x-forwarded-for-ip-apache-web-server/
Nginx
- Config file:
    server {
        # proxy_protocol makes nginx expect the PROXY protocol header, so the
        # load balancer's backend proxy protocol must be enabled.
        listen 80 proxy_protocol default_server;
        listen [::]:80 proxy_protocol default_server;

        root /var/www/html;

        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
            try_files $uri $uri/ =404;
        }

        # Only trust the header when the request comes from this range.
        set_real_ip_from 10.0.1.0/24; # your private network (SDN) range
        real_ip_header X-Forwarded-For;
    }
- Testing the changes.
    sudo nginx -t
- Restarting Nginx.
    sudo systemctl restart nginx
You should now get the client’s real IP address.
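The trust decision that set_real_ip_from expresses, as an added Python example (not part of the original guide and not nginx's own code): X-Forwarded-For is honoured only when the connection comes from the private SDN range, and the chain is read from the right, as nginx does with real_ip_recursive on, so entries the client supplied itself are not taken at face value. It assumes the load balancer appends the address it saw as the last entry; the function names and sample addresses are constructed.

```python
import ipaddress

# Assumption: the private SDN range used in the nginx config above.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.1.0/24")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True when addr is inside a network we accept forwarding headers from."""
    return any(addr in net for net in trusted)


def resolve_client_ip(peer, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address to log or rate-limit on for one request.

    peer       -- source address of the TCP connection seen by the web server
    xff_header -- raw X-Forwarded-For value, or None when the header is absent
    """
    peer_addr = ipaddress.ip_address(peer)
    # A peer outside the trusted range can put anything in the header,
    # so the header is ignored and the socket address stands.
    if not is_trusted(peer_addr, trusted) or not xff_header:
        return str(peer_addr)

    client = peer_addr
    # Walk right to left: the rightmost entries were appended by our own
    # proxies; entries further left came from whoever connected to them.
    for token in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(token.strip())
        except ValueError:
            break  # malformed entry: stop and keep the last accepted address
        client = hop
        if not is_trusted(hop, trusted):
            break  # first address not vouched for by a trusted proxy
    return str(client)


if __name__ == "__main__":
    # Constructed samples: (peer address, X-Forwarded-For header)
    for peer, xff in [("10.0.1.5", "203.0.113.7"),
                      ("10.0.1.5", "1.2.3.4, 203.0.113.7"),
                      ("198.51.100.9", "1.2.3.4")]:
        print(peer, repr(xff), "->", resolve_client_ip(peer, xff))
```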
Optional Method
The outbound proxy protocol on the backend is not strictly required; the frontend rule alone can be enough to get the client IP.
For example, edit apache2.conf to add this line.
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" proxy
Then edit the virtual host file to add this line.
    CustomLog ${APACHE_LOG_DIR}/access.log proxy
access.log will now show public client IP addresses.