2021.04.11
1581
HAProxy客户端IP地址的透传
环境准备
| server | IP |
|---|---|
| client | 172.20.27.10 |
| haproxy | 172.20.27.20,192.168.27.10 |
| nginx | 192.168.27.21 |
1.首先对nginx的主配置中的日志做修改
[root@nginx ~]# vim /apps/nginx/conf/nginx.conf log_format access_json '{"@timestamp":"$time_iso8601",' '"host":"$server_addr",' '"clientip":"$remote_addr",' '"size":$body_bytes_sent,' '"responsetime":$request_time,' '"upstreamtime":"$upstream_response_time",' '"upstreamhost":"$upstream_addr",' '"http_host":"$host",' '"uri":"$uri",' '"domain":"$host",' '"xff":"$http_x_forwarded_for",' #使用http透传 '"referer":"$http_referer",' '"tcp_xff":"$proxy_protocol_addr",' #使用tcp透传 '"http_user_agent":"$http_user_agent",' '"status":"$status"}';
2.在server段配置文件中调用此日志格式
[root@nginx ~]# vim /apps/nginx/conf/servers/mylinuxops.conf server {
server_name www.mylinuxops.com;
listen 80;
access_log /apps/nginx/logs/mylinuxops.log access_json;
location / {
root /data/www;
index index.html;
}
}
未使用http透传前
[root@nginx ~]# tail /apps/nginx/logs/mylinuxops.log {"@timestamp":"2019-06-04T16:30:47+08:00", "host":"192.168.27.21", "clientip":"172.20.27.10", "size":19, "responsetime":0.000, "upstreamtime":"-", "upstreamhost":"-", "http_host":"www.mylinuxops.com", "uri":"/index.html", "domain":"www.mylinuxops.com", "xff":"-", "referer":"-", "tcp_xff":"", "http_user_agent":"curl/7.29.0", "status":"200"} #xff显示为"-"
修改HAProxy配置文件,使用http模式下的ip透传
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg listen web bind 172.20.27.20:80
mode http #模式改为http option forwardfor #开启forwardfor选项 server web1 www.mylinuxops.com:80 check inter 3000 fall3 rise 5
测试
使用客户端访问
[root@client ~]# curl www.mylinuxops.com www.mylinuxops.com
查看nginx上的日志
[root@nginx ~]# tail -f /apps/nginx/logs/mylinuxops.log {"@timestamp":"2019-06-04T17:29:22+08:00", "host":"192.168.27.21", "clientip":"192.168.27.10", "size":19, "responsetime":0.000, "upstreamtime":"-", "upstreamhost":"-", "http_host":"www.mylinuxops.com", "uri":"/index.html", "domain":"www.mylinuxops.com", "xff":"172.20.27.10", "referer":"-", "tcp_xff":"", "http_user_agent":"curl/7.29.0", "status":"200"} #"xff":"172.20.27.10" 客户端的地址被透传过来了
1.修改HAProxy配置文件
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg listen web bind 172.20.27.20:80
mode tcp #将mode改为tcp option forwardfor #开启forwardfor选项 server web1 www.mylinuxops.com:80 send-proxy check inter 3000 fall 3 rise 5 #在定义后端服务时加上 send-proxy参数。
2.修改nginx的配置文件
[root@nginx ~]# vim /apps/nginx/conf/servers/mylinuxops.conf server {
server_name www.mylinuxops.com;
listen 80 proxy_protocol; #在listen选项后添加proxy_protocol选项 access_log /apps/nginx/logs/mylinuxops.log access_json;
location / {
root /data/www;
index index.html;
}
}
测试
使用客户端访问
[root@client ~]# curl www.mylinuxops.com www.mylinuxops.com
在nginx上查看日志
[root@nginx ~]# tail -f /apps/nginx/logs/mylinuxops.log {"@timestamp":"2019-06-04T17:43:57+08:00", "host":"192.168.27.21", "clientip":"192.168.27.10", "size":19, "responsetime":0.000, "upstreamtime":"-", "upstreamhost":"-", "http_host":"www.mylinuxops.com", "uri":"/index.html", "domain":"www.mylinuxops.com", "xff":"-", "referer":"-", "tcp_xff":"172.20.27.10", "http_user_agent":"curl/7.29.0", "status":"200"} #"tcp_xff":"172.20.27.10" 客户端的地址在tcp的模式下被传送过来免责声明:以上内容源自网络,版权归原作者所有,如有侵犯您的原创版权请告知,我们将尽快删除相关内容。
028-86040068
联系我们
