AWS load balancer obtains the real IP address of the user

Create key id and key

1.Identity and Access Management (IAM)

Create a user

Selective programming access

Create a strategy

User and policy binding

To mark ali Cloud allocation strategy

End goal acquisition

aws_access_key_id =

aws_secret_access_key =

2. Configure policies

2.1 Preparing the Environment

yum -y install python-pip
pip install --upgrade pip
pip install --upgrade --user awscl
Copy the code

Note that you have your own ID and key and available space

cat <<EOF > ~/.aws/credentials
[default]
aws_access_key_id = ****
aws_secret_access_key = ***
region = ****
EOF

Copy the code

2.2 Configuration using Commands

2.2.1 Creating a Policy

Aws elb create-load-balancer-policy --load-balancer-name ELB name --policy-name EnableProxyProtocol --policy-type-name ProxyProtocolPolicyType --policy-attributes AttributeName=ProxyProtocol,AttributeValue=true
Copy the code

2.2.2 Enabling a Policy

aws elb set-load-balancer-policies-for-backend-server --load-balancer-name ELb name --instance-port 443 --policy-names EnableProxyProtocol aws elbset-load-balancer-policies-for-backend-server --load-balancer-name ELb name --instance-port 80 --policy-names EnableProxyProtocolCopy the code

2.2.3 Checking whether the policy takes effect

Yum -y install jq aws elb describe - the load balancers - - the load balancer - name elb name | jq'.LoadBalancerDescriptions[].BackendServerDescriptions'
Copy the code

If data is returned, it is enabled successfully

[{"InstancePort": 80,
    "PolicyNames": [
      "EnableProxyProtocol"] {},"InstancePort": 443,
    "PolicyNames": [
      "EnableProxyProtocol"]}]Copy the code

3. Nginx configuration

3.1 the HTTP configuration

The IP address is in the Intranet IP address segment of load balancing

Set_real_ip_from 172.31.0.0/16; real_ip_header proxy_protocol;Copy the code

Log module configuration (default for nginx1.16.0)

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

Copy the code

3.2 the service configuration

listen       80 proxy_protocol;
Copy the code

Finally, through load balancing access to Nginx, Nginx can obtain the real IP address of the user