Re: proxy_protocol - access server directly

Roman Arutyunyan Fri, 12 Aug 2016 14:25:49 -0700

On Fri, Aug 12, 2016 at 05:08:11PM -0400, Jeff Dyke wrote:
> On Fri, Aug 12, 2016 at 4:49 PM, Roman Arutyunyan <a...@nginx.com> wrote:
> 
> > On Fri, Aug 12, 2016 at 04:07:26PM -0400, Jeff Dyke wrote:
> > > Thank you Roman, i knew it would be painfully obvious once the solution
> > was
> > > presented to me....
> > >
> > > Very much appreciate it!
> >
> > Just to clarify - you obviously have to specify another port in the new
> > "listen"
> > directive.
> >
> > well not really, i just used the direct IP rather than the 0.0.0.0:443 or
> 443 listen directive and it all seemed to be fine.  Should that cause
> issues going forward.  nginx config test and restart was happy and tests on
> both sides of the site, api and www are good.


That's fine too.

> 
> Jeff
> 
> > >
> > > Jeff
> > >
> > > On Fri, Aug 12, 2016 at 2:29 PM, Roman Arutyunyan <a...@nginx.com>
> > wrote:
> > >
> > > > Hello,
> > > >
> > > > On Fri, Aug 12, 2016 at 02:08:55PM -0400, Jeff Dyke wrote:
> > > > > i have configured haproxy 1.6 and nginx 1.10.1 and all is well, but
> > i'd
> > > > > like to be able to access the servers directly on occasion and not
> > > > through
> > > > > haproxy.  Mainly this is done for troubleshooting or viewing a
> > release
> > > > > before it goes out to the public (its off the LB at the time).
> > > > >
> > > > > Unfortunately accessing the server directly gives me a 400 and the
> > logs
> > > > > show Broken Header error messages. Is there a way around this without
> > > > > removing proxy_protocol from the vhost configuration?
> > > > >
> > > > > Thanks
> > > > >
> > > > > minimal config:
> > > > > server {
> > > > >   listen 443 ssl http2 default_server proxy_protocol;
> > > > >   // other stuff
> > > > >   set_real_ip_from XXX.XXX.XX.XX;
> > > > >   set_real_ip_from NNN.NNN.NNN.NNN;
> > > > >   real_ip_header proxy_protocol;
> > > > >   // more stuff
> > > > > }
> > > > >
> > > > > Example error.log entry
> > > > > VX�www.example.com#" while reading PROXY protocol, client:
> > YY.YY.YY.YY,
> > > > > server: 0.0.0.0:8000
> > > > > 2016/08/11 11:25:28 [error] 23818#23818: *1445 broken header:
> > "illegible
> > > > > characters"
> > > >
> > > > You can add another "listen" directive without the proxy_protocol
> > option.
> > > > Nginx will always expect the PROXY protocol header if it's specified
> > in the
> > > > "listen" directive.
> > > >
> > > > --
> > > > Roman Arutyunyan
> > > >
> > > > _______________________________________________
> > > > nginx mailing list
> > > > nginx@nginx.org
> > > > http://mailman.nginx.org/mailman/listinfo/nginx
> >
> > > _______________________________________________
> > > nginx mailing list
> > > nginx@nginx.org
> > > http://mailman.nginx.org/mailman/listinfo/nginx
> >
> >
> > --
> > Roman Arutyunyan
> >
> > _______________________________________________
> > nginx mailing list
> > nginx@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> >

> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


-- 
Roman Arutyunyan

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: proxy_protocol - access server directly

Reply via email to