Method 1: Obtaining Real Client IPs Through Nginx

Overview

If the origin uses the TCP protocol, it is recommended to add an Nginx server that supports Proxy Protocol V1/V2 in front of the application server to obtain real client IPs.
Note:
The L4 proxy is only available with the Enterprise Edition package.
If the TCP protocol is used on the origin, and you want to directly parse the real client IPs on the application server, please see Parsing Real Client IPs on Application Server.

Deployment Mode




As shown in the above diagram, you need to deploy an Nginx server in front of the application server to remove the Proxy Protocol field. You can collect the real client IPs by analyzing the Nginx logs on that server. When you configure the origin address in the EdgeOne L4 proxy service, point it to the Nginx service.

Directions

Step 1: Deploy Nginx service

Please select an Nginx version that supports the Proxy Protocol version you want to use.
For Proxy Protocol V1: Nginx Plus R11 and later versions, Nginx Open Source 1.11.4 and later versions.
For Proxy Protocol V2: Nginx Plus R16 and later versions, Nginx Open Source 1.13.11 and later versions.
For other Nginx versions, see Accepting the PROXY Protocol.
To enable the L4 proxy service on Nginx, you need to install Nginx-1.18.0 with the stream module. See the installation directions below.
# Install the nginx build environment
yum -y install gcc gcc-c++ autoconf automake
yum -y install zlib zlib-devel openssl openssl-devel pcre-devel

# Decompress the source package
tar -zxvf nginx-1.18.0.tar.gz
# Enter the directory
cd nginx-1.18.0
# Set nginx compilation and installation configuration (with `--with-stream`)
./configure --prefix=/opt/nginx --sbin-path=/opt/nginx/sbin/nginx --conf-path=/opt/nginx/conf/nginx.conf --with-http_stub_status_module --with-http_gzip_static_module --with-stream
# Compilation
make
# Installation
make install

Step 2: Configure the stream module in Nginx

If you select Nginx-1.18.0, you can run the following command to open the configuration file nginx.conf.
vi /opt/nginx/conf/nginx.conf
Configuration of the stream module is as follows:
stream {
    # Set the log format, where `proxy_protocol_addr` is the client address obtained by parsing the PP protocol, and `remote_addr` is the address of the previous hop.
    log_format basic '$proxy_protocol_addr -$remote_addr [$time_local] '
                     '$protocol $bytes_sent $bytes_received '
                     '$session_time';

    access_log logs/stream.access.log basic;

    # upstream configuration
    upstream RealServer {
        hash $remote_addr consistent;
        # 127.0.0.1:8888 is the IP address and port of the application server
        server 127.0.0.1:8888 max_fails=3 fail_timeout=30s;
    }

    # server configuration
    server {
        # L4 listening port, which corresponds to the origin port configured in L4 proxy service. `proxy_protocol` is required to parse the PP protocol of incoming packets
        listen 10000 proxy_protocol;
        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass RealServer;
    }
}

Step 3: Configure L4 proxy forwarding rule

After configuring the Nginx service, you can modify the L4 proxy forwarding rule in the console. Change the origin address to the IP of the current Nginx service, and change the origin port to the L4 listening port configured in step 2. Select Proxy Protocol V1 or V2 for the Pass Client IP according to the forwarding protocol. For details, see Modifying L4 Proxy Forwarding Rules.




Step 4: Simulate client requests and verify results

You can set up a TCP service and simulate client requests from another server to verify the results. A sample is shown below:
1. Create an HTTP service with Python on the current server to simulate the TCP service.
# Based on python2
python2 -m SimpleHTTPServer 8888

# Based on python3
python3 -m http.server 8888
2. Build a client request on another server, and simulate the TCP request with a curl request.
# Initiate an HTTP request with curl, where the domain is the L4 proxy domain, and `8888` is the L4 proxy forwarding port
curl -i "http://d42f15b7a9b47488.davidjli.xyz.acc.edgeonedy1.com:8888/"
3. Check Nginx logs on the Nginx server:



You can capture packets on the Nginx server and analyze the packets with Wireshark. After the TCP handshake is completed, the Proxy Protocol field is added in front of the first application data packet. Below is an example for Proxy Protocol V1. ① refers to the L4 proxy egress IP, ② refers to the Nginx server IP, ③ refers to the protocol version, ④ refers to the real client IP.
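
An added example (not from the original page or from EdgeOne) of reading the V1 header described above: it splits the text header off the first data segment and uses its source address only when the TCP peer is an allowed previous hop, since the header is written by whoever opens the connection. The `TRUSTED_HOPS` range, the sample bytes and the function names are assumptions; the binary Proxy Protocol V2 format is not handled.

```python
import ipaddress

# Assumption: placeholder range (RFC 5737) standing in for the EdgeOne
# origin-pull node IPs that are allowed to prepend the header.
TRUSTED_HOPS = [ipaddress.ip_network("203.0.113.0/24")]
MAX_V1_HEADER = 107  # longest V1 header line permitted by the spec, CRLF included

# Constructed first data segment: V1 header followed by the application bytes.
SAMPLE = (b"PROXY TCP4 198.51.100.7 203.0.113.10 51234 10000\r\n"
          b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")


def parse_proxy_v1(data: bytes):
    """Split a V1 header off the start of a stream; return (info, payload)."""
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("no PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]
    if fields[1] == "UNKNOWN":          # sender could not determine the client
        return {"proto": "UNKNOWN"}, payload
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    family = 4 if fields[1] == "TCP4" else 6
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    if src.version != family or dst.version != family:
        raise ValueError("address family does not match protocol field")
    sport, dport = int(fields[4]), int(fields[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return {"proto": fields[1], "src_ip": str(src), "src_port": sport,
            "dst_ip": str(dst), "dst_port": dport}, payload


def real_client_ip(peer_ip: str, first_bytes: bytes) -> str:
    """Trust the header's source address only when the TCP peer is a trusted hop."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_HOPS):
        return peer_ip                  # header is sender-supplied: ignore it
    info, _ = parse_proxy_v1(first_bytes)
    return info.get("src_ip", peer_ip)  # UNKNOWN falls back to the peer address


if __name__ == "__main__":
    info, payload = parse_proxy_v1(SAMPLE)
    print(info, payload[:14])
    print(real_client_ip("203.0.113.10", SAMPLE))  # trusted hop
    print(real_client_ip("192.0.2.50", SAMPLE))    # untrusted peer
```

In the Nginx setup above, `$remote_addr` plays the role of `peer_ip` and `$proxy_protocol_addr` the role of the parsed `src_ip`.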