ProxyProtocol get Source IP

Kontaktieren Sie uns

Get real visitor IP using OVH Load Balancer with ProxyProtocol

Wissensdatenbanken

KB0044173

641 Ansichten

12.10.2018

Cloud / OVHcloud Load Balancer

Introduction

In this case, we want to get sourceIP, scheme trouth OVH API LoadBalancing, without install our SSL Certitificate on it. This is helpful if you have many domains with many SSL certificates.

Requirements

We assume you have already an OVH Load Balancer HTTP configured, if not follow ..refs:fr/fr/cloud/iplb/configure-iplb

You have :

An OVH Load Balancer service
Nginx (or Apache with mod_proxyprotocol) on an OVH backend
A domain (option)
An SSL certificate (option)

Nginx Configuration

For this example we use this minimal nginx configuration on each backend.

log_format proxyprotocol '$proxy_protocol_addr - $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent  "$http_referer" "$http_user_agent" "$request_time"';
server {
    listen 80;
    listen [::]:80;

    server_name domain.tld www.domain.tld;
    root /var/www/domain.tld/htdocs;
    access_log    /var/www/domain.tld/logs/access.log;
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name domain.tld www.domain.tld;
    root /var/www/domain.tld/htdocs;

    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
    access_log    /var/www/domain.tld/logs/access.log;
}
server {
    listen 8080 proxyprotocol;
    listen [::]:8080 proxyprotocol;

    server_name domain.tld www.domain.tld;
    root /var/www/domain.tld/htdocs;
    access_log    /var/www/domain.tld/logs/access.log proxyprotocol;
}
server {
    listen 4443 ssl proxyprotocol;
    listen [::]:4443 ssl proxyprotocol;

    server_name domain.tld www.domain.tld;
    root /var/www/domain.tld/htdocs;

    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
    access_log    /var/www/domain.tld/logs/access.log proxyprotocol;
}

Port 80 / 443 are used for direct connexion to backend (for test, management, ...)
Port 8080 / 4443 are used with LoadBalancer

You can't use ProxyProtocol and HTTP on the same port, and theses protocols aren't cross-compatible.

Infrastructure

Backend#	Public IP	Zone
backend_1	213.186.0.1	rbx
backend_2	213.186.0.2	rbx

Configuration

Add backends

Create a new farm for each port on backend.

POST /ipLoadbalancing/{serviceName}/http/farm

Parameter	Return 1	Return 2
id	1000	10001

POST /ipLoadbalancing/{serviceName}/http/farm/{farmId}/server

Parameter	Return 1	Return 2	Return 3	Return 4
id	2000	20001	20002	20003

Add frontend

POST /ipLoadbalancing/{serviceName}/http/frontend

Apply changes

POST /ipLoadbalancing/{serviceName}/refresh

Firewall

Don't forget to allow IPLoadbalancing traffic to your backends:

GET /ipLoadbalancing/{serviceName}/natIp

iptables -A INPUT -s 10.108.0.0/16 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -s 10.108.0.0/16 -p tcp --dport 4443 -j ACCEPT

Hat Ihnen diese Seite geholfen?

Ja

Nein

Zugehörige Artikel

Konfiguration von HTTP/2 auf dem OVHcloud Load Balancer

327 2026-03-25 17:47:08 Cloud / OVHcloud Load Balancer
Configuration of probes on an OVHcloud Load Balancer service

88 2026-03-26 10:54:07 Cloud / OVHcloud Load Balancer
Configuring an OVHcloud Load Balancer with ProxyProtocol

79 2026-03-26 10:54:09 Cloud / OVHcloud Load Balancer
Configuration of an OVHcloud Load Balancer service - HTTP headers

75 2026-03-26 10:54:05 Cloud / OVHcloud Load Balancer
How to configure SMTP on a Load Balancer service

74 2026-03-26 10:54:01 Cloud / OVHcloud Load Balancer