Getting real client IP from behind NodeBalancer using nginx

I have a Rails app running under nginx 1.2.8 behind a NodeBalancer.

I have the HttpRealIpModule installed and configured with:

```
set_real_ip_from 192.168.255.7;  # internal IP address of NodeBalancer
real_ip_header X-Forwarded-For;
```

But all requests are still being logged as coming from 192.168.255.7 in both Rails and nginx logs.

According to the NodeBalancer docs at

http://library.linode.com/nodebalancers/reference#sph_x-forwarded-for-header

this is all I need to do. Am I missing something else?

Thanks.

5 Replies

Are you using HTTPS (i.e. TCP balancing)? If so, you can't get the real IP.

@obs:

> Are you using HTTPS (i.e. TCP balancing)? If so, you can't get the real IP.

Yes, I am using HTTPS and hence am using TCP balancing.

I thought that since nginx is doing the SSL termination I would have full visibility into the request & packet (?)

Nope, the TCP connection hits the node balancer, which then forwards it to your nodes, so you'll always see the node balancer IP.

nginx is terminating things, which means you've got an encrypted pipe between you and the user's web browser, and the NodeBalancer can't add the X-Forwarded-For header (because it can't modify the encrypted data).

There are other ways you can get the customer's IP if required. If your app uses some sort of session mechanism, start the session on an unencrypted page, store the real IP, then redirect the user to an encrypted page. Or you could use an unencrypted landing page and redirect the user with the real IP as a GET or POST parameter or something.

I'm getting the same issue. Everything is okay with http requests, but https seems to fail with proper x-forwarded-for transfer at some point during client -> balancer -> nginx -> rails connection.

Reference states that it should work as balancer will terminate the SSL connection: https://www.linode.com/docs/platform/nodebalancer/nodebalancer-reference-guide

~~![](http://chatik.ajaxy.ru/uploads/%D0%A1%D0%BD%D0%B8%D0%BC%D0%BE%D0%BA%D1%8D%D0%BA%D1%80%D0%B0%D0%BD%D0%B02016-06-09%D0%B219.15.32.png)

But it doesn't work for me though.

UPD

I was wrong. I'm using TCP instead of HTTPS protocol here.~~
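The behaviour discussed in the replies above can be reproduced with a small model of how nginx applies `set_real_ip_from` and `real_ip_header X-Forwarded-For`. This is an added example, not code from the thread or from nginx; it is a simplified model, and the function name, the `recursive` parameter (standing in for `real_ip_recursive`) and all sample addresses other than 192.168.255.7 are constructed for illustration.

```python
import ipaddress

def resolve_client_ip(peer_ip, xff_header, trusted, recursive=False):
    """Simplified model of nginx realip with `real_ip_header X-Forwarded-For`.

    peer_ip:    address of the TCP peer nginx actually sees
    xff_header: X-Forwarded-For value, or None when the header is absent
    trusted:    addresses/networks listed in set_real_ip_from
    recursive:  models real_ip_recursive on/off
    """
    nets = [ipaddress.ip_network(t) for t in trusted]

    def is_trusted(addr):
        return any(ipaddress.ip_address(addr) in n for n in nets)

    # The header is honoured only when the direct peer is a trusted proxy.
    # In TCP balancing mode the balancer cannot insert the header, so
    # nginx has nothing to substitute and keeps the balancer's address.
    if not is_trusted(peer_ip) or not xff_header:
        return peer_ip

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    client = peer_ip
    # Walk the header right to left: the rightmost entry was written by the
    # nearest proxy; entries further left may be supplied by the client.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # unparsable entry: stop and keep what we have
        client = hop
        if not (recursive and is_trusted(hop)):
            break
    return client

TRUSTED = ["192.168.255.7"]  # the NodeBalancer address from the question

if __name__ == "__main__":
    cases = [  # (description, peer, X-Forwarded-For), all constructed
        ("HTTP mode, header added", "192.168.255.7", "203.0.113.10"),
        ("TCP mode, no header", "192.168.255.7", None),
        ("untrusted peer, forged header", "198.51.100.5", "10.0.0.1"),
        ("forged entry before proxy entry", "192.168.255.7",
         "10.9.9.9, 203.0.113.10"),
    ]
    for desc, peer, xff in cases:
        print(f"{desc:34} -> {resolve_client_ip(peer, xff, TRUSTED)}")
```

The second case is the one from this thread: the configuration is correct, but with no header present the logged address stays 192.168.255.7.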
