Recently there is a requirement to forward TCP requests to the real back-end server through a transit server, but the problem encountered now is that the back-end server cannot obtain the user's real IP.
Please note that it is a TCP connection, not HTTP. It is a function in the stream module of NGINX. I checked a lot of information online. The official NGINX document says it can be solved, but does not give detailed operation guidance. , I hope friends who have already implemented it can help answer the question. Also, if LVS is used as a load, can the back-end server obtain the real IP of the client if the machine is not in the same network segment? If possible, please link to relevant articles.
Reference documentation:
https://nginx.org/en/docs/str...
https://www.nginx.com/blog/tc...
LVS cannot obtain the real IP by default in nat or fullnat mode.
Alibaba’s fullnat can pass the real IP to the backend through TCP Option.
nginx’s stream module can pass the real IP through proxy protocol https://www.haproxy.org/downl...
Both have one thing in common:
The backend needs to modify the code to obtain this IP.