proxy_protocol - access server directly

Jeff Dyke jeff.dyke at gmail.com
Fri Aug 12 21:08:11 UTC 2016


On Fri, Aug 12, 2016 at 4:49 PM, Roman Arutyunyan <arut at nginx.com> wrote:

> On Fri, Aug 12, 2016 at 04:07:26PM -0400, Jeff Dyke wrote:
> > Thank you Roman, i knew it would be painfully obvious once the solution
> was
> > presented to me....
> >
> > Very much appreciate it!
>
> Just to clarify - you obviously have to specify another port in the new
> "listen"
> directive.
>
> well not really, i just used the direct IP rather than the 0.0.0.0:443 or
443 listen directive and it all seemed to be fine.  Should that cause
issues going forward.  nginx config test and restart was happy and tests on
both sides of the site, api and www are good.

Jeff

> >
> > Jeff
> >
> > On Fri, Aug 12, 2016 at 2:29 PM, Roman Arutyunyan <arut at nginx.com>
> wrote:
> >
> > > Hello,
> > >
> > > On Fri, Aug 12, 2016 at 02:08:55PM -0400, Jeff Dyke wrote:
> > > > i have configured haproxy 1.6 and nginx 1.10.1 and all is well, but
> i'd
> > > > like to be able to access the servers directly on occasion and not
> > > through
> > > > haproxy.  Mainly this is done for troubleshooting or viewing a
> release
> > > > before it goes out to the public (its off the LB at the time).
> > > >
> > > > Unfortunately accessing the server directly gives me a 400 and the
> logs
> > > > show Broken Header error messages. Is there a way around this without
> > > > removing proxy_protocol from the vhost configuration?
> > > >
> > > > Thanks
> > > >
> > > > minimal config:
> > > > server {
> > > >   listen 443 ssl http2 default_server proxy_protocol;
> > > >   // other stuff
> > > >   set_real_ip_from XXX.XXX.XX.XX;
> > > >   set_real_ip_from NNN.NNN.NNN.NNN;
> > > >   real_ip_header proxy_protocol;
> > > >   // more stuff
> > > > }
> > > >
> > > > Example error.log entry
> > > > VX�www.example.com#" while reading PROXY protocol, client:
> YY.YY.YY.YY,
> > > > server: 0.0.0.0:8000
> > > > 2016/08/11 11:25:28 [error] 23818#23818: *1445 broken header:
> "illegible
> > > > characters"
> > >
> > > You can add another "listen" directive without the proxy_protocol
> option.
> > > Nginx will always expect the PROXY protocol header if it's specified
> in the
> > > "listen" directive.
> > >
> > > --
> > > Roman Arutyunyan
> > >
> > > _______________________________________________
> > > nginx mailing list
> > > nginx at nginx.org
> > > http://mailman.nginx.org/mailman/listinfo/nginx
>
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
>
>
> --
> Roman Arutyunyan
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160812/452fb9d8/attachment.html>


More information about the nginx mailing list