HAProxy客户端IP地址的透传
环境准备
server | IP |
---|---|
client | 172.20.27.10 |
haproxy | 172.20.27.20,192.168.27.10 |
nginx | 192.168.27.21 |
nginx操作
1.首先对nginx的主配置中的日志做修改
[[email protected] ~]# vim /apps/nginx/conf/nginx.conf
log_format access_json ‘{"@timestamp":"$time_iso8601",‘
? ? ? ‘"host":"$server_addr",‘
? ? ? ‘"clientip":"$remote_addr",‘
? ? ? ‘"size":$body_bytes_sent,‘
? ? ? ‘"responsetime":$request_time,‘
? ? ? ‘"upstreamtime":"$upstream_response_time",‘
? ? ? ‘"upstreamhost":"$upstream_addr",‘
? ? ? ‘"http_host":"$host",‘
? ? ? ‘"uri":"$uri",‘
? ? ? ‘"domain":"$host",‘
? ? ? ‘"xff":"$http_x_forwarded_for",‘ #使用http透传
? ? ? ‘"referer":"$http_referer",‘
? ? ? ‘"tcp_xff":"$proxy_protocol_addr",‘ #使用tcp透传
? ? ? ‘"http_user_agent":"$http_user_agent",‘
? ? ? ‘"status":"$status"}‘;
2.在配置文件中调用此文件
[[email protected] ~]# vim /apps/nginx/conf/servers/mylinuxops.conf
server {
server_name www.mylinuxops.com;
listen 80;
access_log /apps/nginx/logs/mylinuxops.log access_json;
location / {
root /data/www;
index index.html;
}
}
配置HAProxy(http透传)
未使用http透传前
[[email protected] ~]# tail /apps/nginx/logs/mylinuxops.log
{"@timestamp":"2019-06-04T16:30:47+08:00",???"host":"192.168.27.21",???"clientip":"172.20.27.10",???"size":19,???"responsetime":0.000,???"upstreamtime":"-",???"upstreamhost":"-",???"http_host":"www.mylinuxops.com",???"uri":"/index.html",???"domain":"www.mylinuxops.com",???"xff":"-",???"referer":"-",???"tcp_xff":"",???"http_user_agent":"curl/7.29.0",???"status":"200"}
#xff显示为"-"
修改HAProxy配置文件,使用http模式下的ip透传
[[email protected] ~]# vim /etc/haproxy/haproxy.cfg
listen web
bind 172.20.27.20:80
mode http #模式改为http
option forwardfor #开启forwardfor选项
server web1 www.mylinuxops.com:80 check inter 3000 fall3 rise 5
测试
使用客户端访问
[[email protected] ~]# curl www.mylinuxops.com
www.mylinuxops.com
查看nginx上的日志
[[email protected]inx ~]# tail -f /apps/nginx/logs/mylinuxops.log
{"@timestamp":"2019-06-04T17:29:22+08:00",???"host":"192.168.27.21",???"clientip":"192.168.27.10",???"size":19,???"responsetime":0.000,???"upstreamtime":"-",???"upstreamhost":"-",???"http_host":"www.mylinuxops.com",???"uri":"/index.html",???"domain":"www.mylinuxops.com",???"xff":"172.20.27.10",???"referer":"-",???"tcp_xff":"",???"http_user_agent":"curl/7.29.0",???"status":"200"}
#"xff":"172.20.27.10" 客户端的地址被透传过来了
配置HAProxy(tcp透传)
1.修改HAProxy配置文件
[[email protected] ~]# vim /etc/haproxy/haproxy.cfg
listen web
bind 172.20.27.20:80
mode tcp #将mode改为tcp
option forwardfor #开启forwardfor选项
server web1 www.mylinuxops.com:80 send-proxy check inter 3000 fall 3 rise 5 #在定义后端服务时加上 send-proxy参数。
2.修改nginx的配置文件
[[email protected] ~]# vim /apps/nginx/conf/servers/mylinuxops.conf
server {
server_name www.mylinuxops.com;
listen 80 proxy_protocol; #在listen选项后添加proxy_protocol选项
access_log /apps/nginx/logs/mylinuxops.log access_json;
location / {
root /data/www;
index index.html;
}
}
测试
使用客户端访问
[[email protected] ~]# curl www.mylinuxops.com
www.mylinuxops.com
在nginx上查看日志
[[email protected] ~]# tail -f /apps/nginx/logs/mylinuxops.log
{"@timestamp":"2019-06-04T17:43:57+08:00",???"host":"192.168.27.21",???"clientip":"192.168.27.10",???"size":19,???"responsetime":0.000,???"upstreamtime":"-",???"upstreamhost":"-",???"http_host":"www.mylinuxops.com",???"uri":"/index.html",???"domain":"www.mylinuxops.com",???"xff":"-",???"referer":"-",???"tcp_xff":"172.20.27.10",???"http_user_agent":"curl/7.29.0",???"status":"200"}
#"tcp_xff":"172.20.27.10" 客户端的地址在tcp的模式下被传送过来
原文地址:https://blog.51cto.com/11886307/2406608
时间: 2024-11-07 18:49:56