Welcome! Log In Create A New Profile

Re: proxy_protocol - access server directly

Forum List Message List New Topic Print View

jeffdyke

August 12, 2016 05:10PM

Registered: 7 years ago
Posts: 35

On Fri, Aug 12, 2016 at 4:49 PM, Roman Arutyunyan <arut@nginx.com> wrote:

> On Fri, Aug 12, 2016 at 04:07:26PM -0400, Jeff Dyke wrote:
> > Thank you Roman, i knew it would be painfully obvious once the solution
> was
> > presented to me....
> >
> > Very much appreciate it!
>
> Just to clarify - you obviously have to specify another port in the new
> "listen"
> directive.
>
> well not really, i just used the direct IP rather than the 0.0.0.0:443 or
443 listen directive and it all seemed to be fine. Should that cause
issues going forward. nginx config test and restart was happy and tests on
both sides of the site, api and www are good.

Jeff

> >
> > Jeff
> >
> > On Fri, Aug 12, 2016 at 2:29 PM, Roman Arutyunyan <arut@nginx.com>
> wrote:
> >
> > > Hello,
> > >
> > > On Fri, Aug 12, 2016 at 02:08:55PM -0400, Jeff Dyke wrote:
> > > > i have configured haproxy 1.6 and nginx 1.10.1 and all is well, but
> i'd
> > > > like to be able to access the servers directly on occasion and not
> > > through
> > > > haproxy. Mainly this is done for troubleshooting or viewing a
> release
> > > > before it goes out to the public (its off the LB at the time).
> > > >
> > > > Unfortunately accessing the server directly gives me a 400 and the
> logs
> > > > show Broken Header error messages. Is there a way around this without
> > > > removing proxy_protocol from the vhost configuration?
> > > >
> > > > Thanks
> > > >
> > > > minimal config:
> > > > server {
> > > > listen 443 ssl http2 default_server proxy_protocol;
> > > > // other stuff
> > > > set_real_ip_from XXX.XXX.XX.XX;
> > > > set_real_ip_from NNN.NNN.NNN.NNN;
> > > > real_ip_header proxy_protocol;
> > > > // more stuff
> > > > }
> > > >
> > > > Example error.log entry
> > > > VX�www.example.com#" while reading PROXY protocol, client:
> YY.YY.YY.YY,
> > > > server: 0.0.0.0:8000
> > > > 2016/08/11 11:25:28 [error] 23818#23818: *1445 broken header:
> "illegible
> > > > characters"
> > >
> > > You can add another "listen" directive without the proxy_protocol
> option.
> > > Nginx will always expect the PROXY protocol header if it's specified
> in the
> > > "listen" directive.
> > >
> > > --
> > > Roman Arutyunyan
> > >
> > > _______________________________________________
> > > nginx mailing list
> > > nginx@nginx.org
> > > http://mailman.nginx.org/mailman/listinfo/nginx
>
> > _______________________________________________
> > nginx mailing list
> > nginx@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
>
>
> --
> Roman Arutyunyan
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
proxy_protocol - access server directly	jeffdyke	August 12, 2016 02:10PM
Re: proxy_protocol - access server directly	Roman Arutyunyan	August 12, 2016 02:30PM
Re: proxy_protocol - access server directly	jeffdyke	August 12, 2016 04:08PM
Re: proxy_protocol - access server directly	Roman Arutyunyan	August 12, 2016 04:52PM
Re: proxy_protocol - access server directly	jeffdyke	August 12, 2016 05:10PM
Re: proxy_protocol - access server directly	Roman Arutyunyan	August 12, 2016 05:26PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 255

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018