This topic describes how to configure a Layer 4 Classic Load Balancer (CLB) listener to retrieve client IP addresses.

Background information

In most cases, backend servers of Layer 4 CLB can retrieve client IP addresses. However, if the client IP address of a request is translated into another IP address before CLB forwards the request to a backend server, the backend server cannot retrieve the client IP address. In this case, you can enable Proxy Protocol to pass the client IP address to the backend server. After you enable Proxy Protocol for a Layer 4 CLB listener, CLB adds a TCP header to the request without modifying the existing headers. The TCP header carries information such as the source IP address, destination IP address, source port, and destination port. CLB supports only Proxy Protocol v2. For more information, see The PROXY protocol.


You can enable Proxy Protocol for listeners of an IPv6 CLB instance to which IPv4 backend servers are added.


  • Before you enable Proxy Protocol, make sure that your backend servers support Proxy Protocol v2.

    NGINX Plus R16 and later versions and open source NGINX 1.13.11 and later versions support Proxy Protocol v2.

  • If a server group is associated with multiple CLB listeners, you must enable Proxy Protocol for all listeners.

Step 1: Create a TCP or UDP listener

  1. Log on to the CLB console.
  2. In the top navigation bar, select the region where the CLB instance is deployed.
  3. On the Instances page, find the CLB instance and click Configure Listener in the Actions column.
  4. Configure the listener as prompted.
    • Select Listener Protocol: Select TCP or UDP.
    • Proxy Protocol: Click Modify next to the Advanced section and select Use the proxy protocol to pass client IP addresses to backend servers. Select I Understand and Accept Preceding Risks and click Next.
    For more information, see Add a TCP listener and Add a UDP listener.

Step 2: Enable Proxy Protocol for the backend server

After you enable Proxy Protocol for a listener, you must also enable Proxy Protocol for the associated backend server. Otherwise, forwarding failures or health check failures may occur.

Log on to the backend server and run the following command to enable Proxy Protocol to retrieve client IP addresses:
http {
    server {
        listen 80   proxy_protocol;
        listen 443  ssl proxy_protocol;
stream {
    server {
        listen 12345 proxy_protocol;

Step 3: Retrieve client IP addresses

  • The following example shows how an IPv4 client IP address is preserved in the Proxy Protocol v2 header in the binary format.IPv4
  • The following example shows how an IPv6 client IP address is preserved in the Proxy Protocol v2 header in the binary format.IPv6