Welcome! Log In Create A New Profile

Advanced

Re: proxy_protocol - access server directly

August 12, 2016 05:10PM
On Fri, Aug 12, 2016 at 4:49 PM, Roman Arutyunyan <arut@nginx.com> wrote:

> On Fri, Aug 12, 2016 at 04:07:26PM -0400, Jeff Dyke wrote:
> > Thank you Roman, i knew it would be painfully obvious once the solution
> was
> > presented to me....
> >
> > Very much appreciate it!
>
> Just to clarify - you obviously have to specify another port in the new
> "listen"
> directive.
>
> well not really, i just used the direct IP rather than the 0.0.0.0:443 or
443 listen directive and it all seemed to be fine. Should that cause
issues going forward. nginx config test and restart was happy and tests on
both sides of the site, api and www are good.

Jeff

> >
> > Jeff
> >
> > On Fri, Aug 12, 2016 at 2:29 PM, Roman Arutyunyan <arut@nginx.com>
> wrote:
> >
> > > Hello,
> > >
> > > On Fri, Aug 12, 2016 at 02:08:55PM -0400, Jeff Dyke wrote:
> > > > i have configured haproxy 1.6 and nginx 1.10.1 and all is well, but
> i'd
> > > > like to be able to access the servers directly on occasion and not
> > > through
> > > > haproxy. Mainly this is done for troubleshooting or viewing a
> release
> > > > before it goes out to the public (its off the LB at the time).
> > > >
> > > > Unfortunately accessing the server directly gives me a 400 and the
> logs
> > > > show Broken Header error messages. Is there a way around this without
> > > > removing proxy_protocol from the vhost configuration?
> > > >
> > > > Thanks
> > > >
> > > > minimal config:
> > > > server {
> > > > listen 443 ssl http2 default_server proxy_protocol;
> > > > // other stuff
> > > > set_real_ip_from XXX.XXX.XX.XX;
> > > > set_real_ip_from NNN.NNN.NNN.NNN;
> > > > real_ip_header proxy_protocol;
> > > > // more stuff
> > > > }
> > > >
> > > > Example error.log entry
> > > > VX�www.example.com#" while reading PROXY protocol, client:
> YY.YY.YY.YY,
> > > > server: 0.0.0.0:8000
> > > > 2016/08/11 11:25:28 [error] 23818#23818: *1445 broken header:
> "illegible
> > > > characters"
> > >
> > > You can add another "listen" directive without the proxy_protocol
> option.
> > > Nginx will always expect the PROXY protocol header if it's specified
> in the
> > > "listen" directive.
> > >
> > > --
> > > Roman Arutyunyan
> > >
> > > _______________________________________________
> > > nginx mailing list
> > > nginx@nginx.org
> > > http://mailman.nginx.org/mailman/listinfo/nginx
>
> > _______________________________________________
> > nginx mailing list
> > nginx@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
>
>
> --
> Roman Arutyunyan
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

proxy_protocol - access server directly

jeffdyke August 12, 2016 02:10PM

Re: proxy_protocol - access server directly

Roman Arutyunyan August 12, 2016 02:30PM

Re: proxy_protocol - access server directly

jeffdyke August 12, 2016 04:08PM

Re: proxy_protocol - access server directly

Roman Arutyunyan August 12, 2016 04:52PM

Re: proxy_protocol - access server directly

jeffdyke August 12, 2016 05:10PM

Re: proxy_protocol - access server directly

Roman Arutyunyan August 12, 2016 05:26PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 51
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready