It will work fine with an AWS NLB, as long as you don't need the original source IP to be retained and are okay accessing the site with the DNS name pointing to the NLB and not directly with the VM's own DNS name.
Simply disable the preserve_client_ip.enabled target group attribute (https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_TargetGroupAttribute.html), which is shown in the console by the title, "Preserve client IP addresses." Then access the site with a DNS name that is an alias for the NLB's DNS name or IP address(es) (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-elb-load-balancer.html).
With client IP preservation disabled, connections from the VM to the NLB will work in the normal manner, but when the NLB connects back to the VM, the source IP of the connection will be one of the NLB's IP addresses and not the VM's own IP. This will cause the VM to see both its outbound connections going to, and its incoming connections coming from, the NLB, and the VM will have no perception of talking to itself.
One usually inconsequential side effect is that the logs for your website will show all requests as having come from the NLB's IP address(es), so you won't see if they came from your VM or from someone else who could potentially connect to the NLB. You can restrict access to the NLB by attaching a security group to the NLB when you create it (one cannot be added afterwards).
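The trade-off described in the answer above can be checked against the JSON that `aws elbv2 describe-target-group-attributes` and `aws elbv2 describe-load-balancers` return. This is an added example, not part of the original answer; the sample data, the finding labels and the placeholder ARN are constructed, and `disable_request` only builds the arguments for boto3's `modify_target_group_attributes` call without contacting AWS.

```python
import json

ATTR = "preserve_client_ip.enabled"

# Constructed sample data in the shape of the two describe-* responses.
SAMPLE_TG_ATTRS = json.loads("""{"Attributes": [
  {"Key": "preserve_client_ip.enabled", "Value": "true"},
  {"Key": "proxy_protocol_v2.enabled", "Value": "false"}]}""")
SAMPLE_NLB = {"LoadBalancerName": "example-nlb", "Type": "network",
              "SecurityGroups": []}


def client_ip_preserved(tg_attrs):
    """Return True/False for the attribute, or None if it is not reported."""
    for attr in tg_attrs.get("Attributes", []):
        if attr.get("Key") == ATTR:
            return attr.get("Value", "").lower() == "true"
    return None


def review(tg_attrs, nlb):
    """List the consequences the answer describes for one target group and NLB."""
    preserved = client_ip_preserved(tg_attrs)
    if preserved is None:
        return ["UNKNOWN: attribute not reported; check the target group"]
    if preserved:
        # The target's own connections through the NLB keep its own source IP.
        return ["HAIRPIN: target sees itself as the client when it uses the NLB"]
    findings = ["LOGGING: target logs show NLB addresses, not client addresses"]
    if not nlb.get("SecurityGroups"):
        # Per the answer, a security group can only be attached at creation.
        findings.append("ACCESS: NLB has no security group to restrict callers")
    return findings


def disable_request(target_group_arn):
    """Build kwargs for elbv2.modify_target_group_attributes() in boto3."""
    return {"TargetGroupArn": target_group_arn,
            "Attributes": [{"Key": ATTR, "Value": "false"}]}


if __name__ == "__main__":
    for line in review(SAMPLE_TG_ATTRS, SAMPLE_NLB):
        print(line)
    # Placeholder ARN; substitute the real target group ARN.
    print(disable_request("arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/EXAMPLE/ID"))
```

With preservation disabled and no security group on the NLB, the web server's logs cannot tell callers apart and nothing at the load balancer limits who can connect, which is the combination worth catching before the NLB is created.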