Welcome! Log In Create A New Profile

Advanced

Re: proxy_protocol - access server directly

Roman Arutyunyan
August 12, 2016 05:26PM
On Fri, Aug 12, 2016 at 05:08:11PM -0400, Jeff Dyke wrote:
> On Fri, Aug 12, 2016 at 4:49 PM, Roman Arutyunyan <arut@nginx.com> wrote:
>
> > On Fri, Aug 12, 2016 at 04:07:26PM -0400, Jeff Dyke wrote:
> > > Thank you Roman, i knew it would be painfully obvious once the solution
> > was
> > > presented to me....
> > >
> > > Very much appreciate it!
> >
> > Just to clarify - you obviously have to specify another port in the new
> > "listen"
> > directive.
> >
> > well not really, i just used the direct IP rather than the 0.0.0.0:443 or
> 443 listen directive and it all seemed to be fine. Should that cause
> issues going forward. nginx config test and restart was happy and tests on
> both sides of the site, api and www are good.

That's fine too.

>
> Jeff
>
> > >
> > > Jeff
> > >
> > > On Fri, Aug 12, 2016 at 2:29 PM, Roman Arutyunyan <arut@nginx.com>
> > wrote:
> > >
> > > > Hello,
> > > >
> > > > On Fri, Aug 12, 2016 at 02:08:55PM -0400, Jeff Dyke wrote:
> > > > > i have configured haproxy 1.6 and nginx 1.10.1 and all is well, but
> > i'd
> > > > > like to be able to access the servers directly on occasion and not
> > > > through
> > > > > haproxy. Mainly this is done for troubleshooting or viewing a
> > release
> > > > > before it goes out to the public (its off the LB at the time).
> > > > >
> > > > > Unfortunately accessing the server directly gives me a 400 and the
> > logs
> > > > > show Broken Header error messages. Is there a way around this without
> > > > > removing proxy_protocol from the vhost configuration?
> > > > >
> > > > > Thanks
> > > > >
> > > > > minimal config:
> > > > > server {
> > > > > listen 443 ssl http2 default_server proxy_protocol;
> > > > > // other stuff
> > > > > set_real_ip_from XXX.XXX.XX.XX;
> > > > > set_real_ip_from NNN.NNN.NNN.NNN;
> > > > > real_ip_header proxy_protocol;
> > > > > // more stuff
> > > > > }
> > > > >
> > > > > Example error.log entry
> > > > > VX�www.example.com#" while reading PROXY protocol, client:
> > YY.YY.YY.YY,
> > > > > server: 0.0.0.0:8000
> > > > > 2016/08/11 11:25:28 [error] 23818#23818: *1445 broken header:
> > "illegible
> > > > > characters"
> > > >
> > > > You can add another "listen" directive without the proxy_protocol
> > option.
> > > > Nginx will always expect the PROXY protocol header if it's specified
> > in the
> > > > "listen" directive.
> > > >
> > > > --
> > > > Roman Arutyunyan
> > > >
> > > > _______________________________________________
> > > > nginx mailing list
> > > > nginx@nginx.org
> > > > http://mailman.nginx.org/mailman/listinfo/nginx
> >
> > > _______________________________________________
> > > nginx mailing list
> > > nginx@nginx.org
> > > http://mailman.nginx.org/mailman/listinfo/nginx
> >
> >
> > --
> > Roman Arutyunyan
> >
> > _______________________________________________
> > nginx mailing list
> > nginx@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> >

> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


--
Roman Arutyunyan

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

proxy_protocol - access server directly

jeffdyke August 12, 2016 02:10PM

Re: proxy_protocol - access server directly

Roman Arutyunyan August 12, 2016 02:30PM

Re: proxy_protocol - access server directly

jeffdyke August 12, 2016 04:08PM

Re: proxy_protocol - access server directly

Roman Arutyunyan August 12, 2016 04:52PM

Re: proxy_protocol - access server directly

jeffdyke August 12, 2016 05:10PM

Re: proxy_protocol - access server directly

Roman Arutyunyan August 12, 2016 05:26PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 102
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready