proxy_protocol - access server directly

Roman Arutyunyan arut at nginx.com
Fri Aug 12 18:29:16 UTC 2016


Hello,

On Fri, Aug 12, 2016 at 02:08:55PM -0400, Jeff Dyke wrote:
> i have configured haproxy 1.6 and nginx 1.10.1 and all is well, but i'd
> like to be able to access the servers directly on occasion and not through
> haproxy.  Mainly this is done for troubleshooting or viewing a release
> before it goes out to the public (its off the LB at the time).
> 
> Unfortunately accessing the server directly gives me a 400 and the logs
> show Broken Header error messages. Is there a way around this without
> removing proxy_protocol from the vhost configuration?
> 
> Thanks
> 
> minimal config:
> server {
>   listen 443 ssl http2 default_server proxy_protocol;
>   // other stuff
>   set_real_ip_from XXX.XXX.XX.XX;
>   set_real_ip_from NNN.NNN.NNN.NNN;
>   real_ip_header proxy_protocol;
>   // more stuff
> }
> 
> Example error.log entry
> VX�www.example.com#" while reading PROXY protocol, client: YY.YY.YY.YY,
> server: 0.0.0.0:8000
> 2016/08/11 11:25:28 [error] 23818#23818: *1445 broken header: "illegible
> characters"

You can add another "listen" directive without the proxy_protocol option.
Nginx will always expect the PROXY protocol header if it's specified in the
"listen" directive.

-- 
Roman Arutyunyan



More information about the nginx mailing list