Thompson, Paige
August 31, 2012 02:34PM
I got through all of that, finally I'm to nginx...

I only have one load balancer at the moment, but given the addition of
a second or third in which I cannot rely on all of the ip addresses to
be expressible any other way than 0.0.0.0/24.

set_real_ip_from 10.0.0.0/24;
real_ip_header X-Forwarded-For;

This simply does not work, however if I put a single load balancer's IP
address there, it does. It seems like you guys went out of your way to
make sure that people set /something/ rather than nothing with the
real_ip_header variable which is good, the bad thing is you're not
leaving me many options as far as overriding the behavior of
preventing me from allowing anybody in the world to send
X-Forwarded-For...

......which doesn't make any sense because thanks to iptables the only
machine that could ever send that would be my load balancer or
balancers:

ACCEPT tcp -- 10.178.101.53 anywhere tcp dpt:http
ACCEPT tcp -- 10.178.101.53 anywhere tcp dpt:https

I'm begging you guys please. Please don't save me from myself,
completely. Please. I have absolutely no need for this behavior, given
that stud, my ssl terminator, gets the tcp remote connection ip which
it uses for X-Forwarded-For, which in turn is sent to haproxy... and
the nginx servers only allow connections from the haproxy server...

Oh, another important thing to mention is that stud runs on the load
balancer server(s). Again there could end up being multiple
stud+haproxy servers that could talk to the nginx nodes... CIDR can't
express random ip addresses..... please fix set_real_ip_from to allow
0.0.0.0/24.

Thank you,


Paige Adele Thompson
http://paigeat.info
paigeat@paigeat.info

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
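
Added example, not part of the original post or of nginx: a simplified Python model of how a trusted-proxy list decides whether X-Forwarded-For is honoured, run against the addresses quoted in the post. The client address, the second balancer address and all function names are constructed for illustration, and the resolution logic is an assumed model, not nginx's source.

```python
import ipaddress

LB = "10.178.101.53"        # balancer address from the iptables rules in the post
LB2 = "10.178.102.9"        # constructed: a hypothetical second balancer
CLIENT = "203.0.113.7"      # constructed: the real client (documentation range)
OTHER = "198.51.100.99"     # constructed: some host that is not a balancer

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def in_trusted(addr, trusted):
    """True if addr is inside any trusted entry (one per set_real_ip_from line)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in trusted)

def effective_client_ip(peer, xff, trusted, recursive=False):
    """Address the backend would log for a connection from `peer`."""
    if not xff or not in_trusted(peer, trusted):
        return peer                      # sender is not a trusted proxy: header ignored
    hops = [h.strip() for h in xff.split(",")]
    if not all(is_ip(h) for h in hops):
        return peer                      # this model drops a malformed header entirely
    if not recursive:
        return hops[-1]                  # last entry was appended by the nearest proxy
    for hop in reversed(hops):           # recursive: skip entries that are trusted proxies
        if not in_trusted(hop, trusted):
            return hop
    return hops[0]

def scenarios():
    return {
        # 10.0.0.0/24 covers 10.0.0.0-10.0.0.255, so the balancer is not trusted
        "range_from_post": effective_client_ip(LB, CLIENT, ["10.0.0.0/24"]),
        "single_balancer": effective_client_ip(LB, CLIENT, [LB]),
        # unrelated balancer addresses: one trusted entry each
        "two_balancers": effective_client_ip(LB2, CLIENT, [LB, LB2]),
        # trust-everything: any peer that reaches the port chooses the logged address
        "trust_all": effective_client_ip(OTHER, CLIENT, ["0.0.0.0/0"]),
        # client-supplied entry first, balancer-appended entry last
        "appended": effective_client_ip(LB, OTHER + ", " + CLIENT, [LB], recursive=True),
    }

if __name__ == "__main__":
    for name, ip in scenarios().items():
        print(f"{name:16} -> {ip}")
```

In nginx terms, the `two_balancers` case corresponds to one `set_real_ip_from` line per balancer address, since the directive may be repeated.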
Stud -> Haproxy -> and Nginx; nginx real_ip_header isn't working as expected, can't scale