Getting Real Client IP for TCP Protection¶

Proxy Protocol¶

Enable Proxy Protocol¶

In the console, select [Layer 4 Proxy] > [Proxy Protocol], choose the port that needs to get the real IP, click configure, and enable the proxy protocol in the configuration. As shown below:

Note: The proxy protocol is disabled by default. After enabling, it will show as enabled. When enabled under the same package, all ports must be enabled together.

Origin Server Configuration¶

Add proxy_protocol after the port configuration in the origin server. (Nginx version should not be lower than 1.9.10)

Nginx configuration example:

server {
  listen 443 ssl proxy_protocol http2;
  server_name _;
}

server {
  listen 80 proxy_protocol;
  server_name _;
}

Modify log_format adding $proxy_protocol_addr .

http {
  log_format main '$proxy_protocol_addr $remote_addr - $remote_user [$time_local] "$request" '
           '$status $body_bytes_sent "$http_referer" '
           '"$http_user_agent" "$http_x_forwarded_for"';
}

Restart nginx to take effect, complete configuration.

Note:

When the source server configuration has the proxy_protocol protocol, this source server's port can only receive data from this node, the node and the source server need to support this protocol.