using digitalocean loadbalancer, how to get real ip?

January 9, 2018 1.9k views
Load Balancing

Digital ocean's Loadbalancer does not send X-Forwarded-For header, so how to get real ip info with load balancer?

2 Answers

DigitialOcean Load Balancers set the X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Port headers to give backend nodes information about the original request. Though you'll need to ensure that you web server or application is configured to log that.

For example, if you were using Nginx, you could capture the original IP for a request by configuring a custom log_format directive and using it in your access_log directive. On Ubuntu , you would need to edit the main Nginx config located at /etc/nginx/nginx.conf Here's a very simple example as a proof of concept:

        log_format from-lb 'Original IP: $http_x_forwarded_for';
        access_log /var/log/nginx/access.log from-lb;

Of course, you'll likely want to log more information than that. Here's a more detailed log format that matches the default output but replaces uses the origin IP address:

        log_format main '$http_x_forwarded_for - $remote_user [$time_local] '
                        '"$request" $status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent"' ;

        access_log /var/log/nginx/access.log main;

If you're using Nginx, you can find more details about configuring logging in this tutorial. If you aren't, let us know what web server you're using, and we can help more.

by Justin Ellingwood
Understanding the logging mechanisms of your server will help you diagnose problems and avoid larger problems down the road. In this article, we will explore Nginx's logging capabilities. We will discuss the configuration options and the tools that can be used to maintain your logs.

In case of https this only works when you do the SSL offloading on the load balancer. So if you need the client's real IP address, don't use certificate passthrough.

Have another answer? Share your knowledge.