<h2 id="heading-prerequisite">Prerequisite</h2>
<ul>
<li><strong>Install AWS Load Balancer Controller</strong>: This controller is essential for managing AWS load balancers in a Kubernetes environment.</li>
</ul>
<h2 id="heading-step-1-enable-proxy-protocol-in-nlb-target-group">Step 1: Enable Proxy Protocol in NLB Target Group</h2>
<ul>
<li><p>Add the following annotation to your NLB Target Group to enable the Proxy Protocol:</p>
<p>  <a target="_blank" href="http://service.beta.kubernetes.io/aws-load-balancer-proxy-protocol">service.beta.kubernetes.io/aws-load-balancer-proxy-protocol</a>: "*"</p>
</li>
</ul>
<p>This ensures that the NLB forwards the original client's IP address along with other connection information.</p>
<h2 id="heading-step-2-configure-nginx-ingress-controller">Step 2: Configure Nginx Ingress Controller</h2>
<p>Modify the <code>values.yaml</code> file of the Nginx Ingress Controller with the following settings:</p>
<ul>
<li><p><code>use-forwarded-headers: "true"</code>: This instructs Nginx to use the <code>X-Forwarded-*</code> headers, which may contain the client's original IP address as forwarded by the NLB.</p>
</li>
<li><p><code>use-proxy-protocol: true</code>: Configures the Nginx Ingress Controller to expect and handle the Proxy Protocol header, including the original client IP, from the NLB.</p>
</li>
<li><p><code>enable-real-ip: true</code>: Activates the <code>real_ip</code> module in Nginx, allowing it to replace the client IP address (which would appear as the NLB's IP) with the one specified in the <code>X-Forwarded-For</code> or <code>X-Real-IP</code> headers.</p>
</li>
</ul>


## Prerequisite

* **Install AWS Load Balancer Controller**: This controller is essential for managing AWS load balancers in a Kubernetes environment.
    

## Step 1: Enable Proxy Protocol in NLB Target Group

* Add the following annotation to your NLB Target Group to enable the Proxy Protocol:
    
    [service.beta.kubernetes.io/aws-load-balancer-proxy-protocol](http://service.beta.kubernetes.io/aws-load-balancer-proxy-protocol): "\*"
    

This ensures that the NLB forwards the original client's IP address along with other connection information.

## Step 2: Configure Nginx Ingress Controller

Modify the `values.yaml` file of the Nginx Ingress Controller with the following settings:

* `use-forwarded-headers: "true"`: This instructs Nginx to use the `X-Forwarded-*` headers, which may contain the client's original IP address as forwarded by the NLB.
    
* `use-proxy-protocol: true`: Configures the Nginx Ingress Controller to expect and handle the Proxy Protocol header, including the original client IP, from the NLB.
    
* `enable-real-ip: true`: Activates the `real_ip` module in Nginx, allowing it to replace the client IP address (which would appear as the NLB's IP) with the one specified in the `X-Forwarded-For` or `X-Real-IP` headers.

My Notes

My Notes

Preserving Client IP in Nginx Ingress Controller with AWS NLB

Prerequisite

Step 1: Enable Proxy Protocol in NLB Target Group

Step 2: Configure Nginx Ingress Controller