proxy_protocol - access server directly

Jeff Dyke jeff.dyke at gmail.com
Fri Aug 12 20:07:26 UTC 2016


Thank you Roman, i knew it would be painfully obvious once the solution was
presented to me....

Very much appreciate it!

Jeff

On Fri, Aug 12, 2016 at 2:29 PM, Roman Arutyunyan <arut at nginx.com> wrote:

> Hello,
>
> On Fri, Aug 12, 2016 at 02:08:55PM -0400, Jeff Dyke wrote:
> > i have configured haproxy 1.6 and nginx 1.10.1 and all is well, but i'd
> > like to be able to access the servers directly on occasion and not
> through
> > haproxy.  Mainly this is done for troubleshooting or viewing a release
> > before it goes out to the public (its off the LB at the time).
> >
> > Unfortunately accessing the server directly gives me a 400 and the logs
> > show Broken Header error messages. Is there a way around this without
> > removing proxy_protocol from the vhost configuration?
> >
> > Thanks
> >
> > minimal config:
> > server {
> >   listen 443 ssl http2 default_server proxy_protocol;
> >   // other stuff
> >   set_real_ip_from XXX.XXX.XX.XX;
> >   set_real_ip_from NNN.NNN.NNN.NNN;
> >   real_ip_header proxy_protocol;
> >   // more stuff
> > }
> >
> > Example error.log entry
> > VX�www.example.com#" while reading PROXY protocol, client: YY.YY.YY.YY,
> > server: 0.0.0.0:8000
> > 2016/08/11 11:25:28 [error] 23818#23818: *1445 broken header: "illegible
> > characters"
>
> You can add another "listen" directive without the proxy_protocol option.
> Nginx will always expect the PROXY protocol header if it's specified in the
> "listen" directive.
>
> --
> Roman Arutyunyan
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160812/e8a37aa3/attachment.html>


More information about the nginx mailing list