HAProxy客户端IP地址的透传

HAProxy客户端IP地址的透传

HAProxy客户端IP地址的透传

环境准备

server	IP
client	172.20.27.10
haproxy	172.20.27.20,192.168.27.10
nginx	192.168.27.21

---

nginx操作

1.首先对nginx的主配置中的日志做修改

[root@nginx ~]# vim /apps/nginx/conf/nginx.conf log_format access_json '{"@timestamp":"$time_iso8601",'       '"host":"$server_addr",'       '"clientip":"$remote_addr",'       '"size":$body_bytes_sent,'       '"responsetime":$request_time,'       '"upstreamtime":"$upstream_response_time",'       '"upstreamhost":"$upstream_addr",'       '"http_host":"$host",'       '"uri":"$uri",'       '"domain":"$host",'       '"xff":"$http_x_forwarded_for",' #使用http透传       '"referer":"$http_referer",'       '"tcp_xff":"$proxy_protocol_addr",' #使用tcp透传       '"http_user_agent":"$http_user_agent",'       '"status":"$status"}';

2.在server段配置文件中调用此日志格式

[root@nginx ~]# vim /apps/nginx/conf/servers/mylinuxops.conf  server {
        server_name www.mylinuxops.com;
        listen 80;
        access_log  /apps/nginx/logs/mylinuxops.log  access_json;
        location / {
                root /data/www;
                index index.html;
        }
}

---

配置HAProxy(http透传)

未使用http透传前

[root@nginx ~]# tail /apps/nginx/logs/mylinuxops.log  {"@timestamp":"2019-06-04T16:30:47+08:00",   "host":"192.168.27.21",   "clientip":"172.20.27.10",   "size":19,   "responsetime":0.000,   "upstreamtime":"-",   "upstreamhost":"-",   "http_host":"www.mylinuxops.com",   "uri":"/index.html",   "domain":"www.mylinuxops.com",   "xff":"-",   "referer":"-",   "tcp_xff":"",   "http_user_agent":"curl/7.29.0",   "status":"200"} #xff显示为"-"

修改HAProxy配置文件，使用http模式下的ip透传

[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg  listen web bind 172.20.27.20:80
 mode http #模式改为http option forwardfor #开启forwardfor选项 server web1 www.mylinuxops.com:80 check inter 3000 fall3 rise 5

测试
使用客户端访问

[root@client ~]# curl www.mylinuxops.com www.mylinuxops.com

查看nginx上的日志

[root@nginx ~]# tail -f /apps/nginx/logs/mylinuxops.log  {"@timestamp":"2019-06-04T17:29:22+08:00",   "host":"192.168.27.21",   "clientip":"192.168.27.10",   "size":19,   "responsetime":0.000,   "upstreamtime":"-",   "upstreamhost":"-",   "http_host":"www.mylinuxops.com",   "uri":"/index.html",   "domain":"www.mylinuxops.com",   "xff":"172.20.27.10",   "referer":"-",   "tcp_xff":"",   "http_user_agent":"curl/7.29.0",   "status":"200"} #"xff":"172.20.27.10" 客户端的地址被透传过来了

---

配置HAProxy(tcp透传)

1.修改HAProxy配置文件

[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg  listen web bind 172.20.27.20:80
 mode tcp #将mode改为tcp option forwardfor #开启forwardfor选项 server web1 www.mylinuxops.com:80 send-proxy check inter 3000 fall 3 rise 5 #在定义后端服务时加上 send-proxy参数。

2.修改nginx的配置文件

[root@nginx ~]# vim /apps/nginx/conf/servers/mylinuxops.conf  server {
        server_name www.mylinuxops.com;
        listen 80 proxy_protocol; #在listen选项后添加proxy_protocol选项 access_log  /apps/nginx/logs/mylinuxops.log  access_json;
        location / {
                root /data/www;
                index index.html;
        }
}

测试
使用客户端访问

[root@client ~]# curl www.mylinuxops.com www.mylinuxops.com

在nginx上查看日志

[root@nginx ~]# tail -f /apps/nginx/logs/mylinuxops.log  {"@timestamp":"2019-06-04T17:43:57+08:00",   "host":"192.168.27.21",   "clientip":"192.168.27.10",   "size":19,   "responsetime":0.000,   "upstreamtime":"-",   "upstreamhost":"-",   "http_host":"www.mylinuxops.com",   "uri":"/index.html",   "domain":"www.mylinuxops.com",   "xff":"-",   "referer":"-",   "tcp_xff":"172.20.27.10",   "http_user_agent":"curl/7.29.0",   "status":"200"} #"tcp_xff":"172.20.27.10"  客户端的地址在tcp的模式下被传送过来