See original visitor IP with AWS ELB

What should I put in my Nginx configuration to see the original IP address of a visitor in our log files, while using ELB?

Hi there,

The reason you aren’t seeing the real IP address of your users behind an ELB is that you are terminating your SSL on your application servers (that’s where we install it for you, and configure Nginx accordingly). Since the connection between your user and the app server is encrypted, not even the load balancer can attach the real IP headers to the request, meaning that you’ll see the load balancers’ IP address as the source.

The easiest option in this case is to terminate the SSL on the load balancer itself, meaning that it will take care of your SSL, add the real IP to the header of the request, and pass it on to your app servers (this would be unencrypted). Thus you will be able to see the real IP in your logs (our Nginx is configured to receive this IP from the load balancer).

To set this up, simply follow these instructions:

1) Access your AWS EC2 dashboard and under “Networking & Security”, click “Load balancers”. There you will be able to see the load balancer(s) we have created for you.
2) You can identify the load balancer for this stack with the format “c66-", which is available on the Cloud 66 stack information page.
3) Once you've selected the right load balancer, go to the "Listener" tab and click "Edit".
4) Set the configurations according to the screenshot below, and click "Change" under SSL certificate to add your certificate.

Once this is done, please remove the SSL certificate add-in from your Cloud 66 stack. You’ll then start seeing the real user IP even over HTTPS. We’re also planning on adding support for this out of the box in the near future.

Though I’ve tested this myself, I would recommend that you try this on your staging stack before implementing it in production, to be on the safe side. Let me know how that goes for you!
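
For reference, an added example (not part of the answer above and not Cloud 66's own configuration) of the Nginx side once the load balancer terminates SSL: an ELB HTTP/HTTPS listener passes the client address in the `X-Forwarded-For` header, and Nginx's `ngx_http_realip_module` can restore it, provided the header is trusted only from the load balancer. The `10.0.0.0/16` range, the `elb_realip` format name and the log path are assumptions to replace with your own values.

```nginx
# Added example for the http {} context; requires ngx_http_realip_module.

# Trust X-Forwarded-For only on connections from the load balancer's
# address range. 10.0.0.0/16 is a placeholder for the VPC/subnet CIDR
# the ELB nodes connect from. Do not use 0.0.0.0/0 here: any client
# that can reach the instance directly could then set its own "real" IP.
set_real_ip_from 10.0.0.0/16;

# Header the ELB fills in on HTTP/HTTPS listeners.
real_ip_header X-Forwarded-For;

# Walk the header from right to left and skip trusted addresses, so a
# value the client prepended itself is not picked as the visitor IP.
real_ip_recursive on;

# After the rewrite, $remote_addr holds the visitor IP and
# $realip_remote_addr (nginx 1.9.7+) keeps the load balancer's address.
# The raw header is logged too, which helps when auditing spoof attempts.
log_format elb_realip '$remote_addr (peer $realip_remote_addr) '
                      '[$time_local] "$request" $status $body_bytes_sent '
                      'xff="$http_x_forwarded_for" '
                      'proto=$http_x_forwarded_proto';

server {
    # Plain HTTP from the load balancer, since SSL now ends at the ELB.
    listen 80;
    access_log /var/log/nginx/access.log elb_realip;

    location / {
        root /var/www/html;
    }
}
```

Restricting the instance's security group so that port 80 accepts traffic only from the load balancer closes the remaining path by which a client could supply its own `X-Forwarded-For` value.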
