Help Center/ Global Accelerator/ Best Practices/ Transferring the Source IP Address of a Client
Updated on 2025-06-06 GMT+08:00

Transferring the Source IP Address of a Client

Scenarios

Global Accelerator can transfer the client IP address to backend servers.

This section describes how the source IP addresses are transferred in different scenarios.

Constraints

  • Proxy Protocol can be used only when both the proxy server and backend servers support it. If backend servers do not support Proxy Protocol, directly enabling this feature may cause backend servers to fail to parse packets, which will hinder service availability.
  • Global Accelerator only supports Proxy Protocol v2. The constraints on this feature vary by the listener's protocol.
    • UDP: The client IP address cannot be transferred.
    • TCP: The backend server must be configured differently depending on the endpoint type.
      For details, see the below table.

      Endpoint Type

      Support for Client IP Address Transferring

      Backend Server Configuration

      Description

      ECS

      Supported

      Not required (The source IP address in the packet received by the backend service is the source IP address of the client.)

      • By default, Global Accelerator uses the TCP Option Address (TOA) kernel module to transfer client IP addresses to backend servers. You need to configure the TOA plug-in on each backend server to obtain the source IP addresses.

        For details, see Configuring the TOA Module.

      • If Proxy Protocol is enabled, the global accelerator uses it to transfer the source IP address of the client to backend servers. Ensure that Proxy Protocol is also enabled on your backend servers.

      EIP

      Required

      ELB

      IP address

      Custom domain name

      Custom EIP

Transferring Client IP Addresses Using Proxy Protocol

The following uses an EIP as an endpoint to describe how to enable Proxy Protocol and view the obtained client IP addresses.

  1. Submit a service ticket to enable Proxy Protocol.
  2. Enable Proxy Protocol on the backend servers.

    To enable Proxy Protocol, add the corresponding port to either the http{} or stream{} module of Nginx.

    http {
        #...
        server {
            listen 8080 proxy_protocol;    #Enable proxy protocol parsing on port 8080.
            #...
        }
    }
    
    stream {
        #...
        server {
            listen 8090 proxy_protocol;    #Enable proxy protocol parsing on port 8090.
            #...
        }
    }
  3. Transfer the client IP addresses.

    After Proxy Protocol is enabled, Nginx preserves the source IP addresses of the clients in proxy_protocol_addr. You can save it in logs.

    http {
        #...
        log_format  main  '[$time_local] $proxy_protocol_addr : $proxy_protocol_port $host "$request" '
        '$status $body_bytes_sent "$http_referer" '
        '"$http_user_agent" "$http_x_forwarded_for"';
    }
    
    stream {
        #...
        log_format  main  '[$time_local] $proxy_protocol_addr : $proxy_protocol_port $host "$request" '
        '$status $body_bytes_sent "$http_referer" '
        '"$http_user_agent" "$http_x_forwarded_for"';
    }
  4. Check the log to view the source IP addresses of the clients.