Nginx

通過 Haproxy 轉發真實 IP => Nginx => Unicorn

  • October 26, 2017

如何將真實訪客的 IP 地址轉發給 Unicorn?目前設置是:

Haproxy => Nginx => Unicorn
  1. 如何將真實 IP 地址從 Haproxy 轉發到 Nginx 再到 Unicorn?目前它總是只有 127.0.0.1
  2. 我讀到 X 標頭將被棄用。https://www.rfc-editor.org/rfc/rfc6648 - 這將如何影響我們?

代理配置:

# haproxy config
defaults
   log global
   mode    http
   option  httplog
   option  dontlognull
   option httpclose
   retries 3
   option redispatch
   maxconn 2000
   contimeout  5000
   clitimeout  50000
   srvtimeout  50000

# Rails Backend
backend deployer-production
   reqrep    ^([^\ ]*)\ /api/(.*)  \1\ /\2
   balance     roundrobin
   server      deployer-production localhost:9000 check

Nginx 配置:

upstream unicorn-production {
 server unix:/tmp/unicorn.ordify-backend-production.sock fail_timeout=0;
}

server {
 listen 9000 default;
 server_name manager.ordify.localhost;
 root /home/deployer/apps/ordify-backend-production/current/public;
 access_log /var/log/nginx/ordify-backend-production_access.log;
 rewrite_log on;

 try_files $uri/index.html $uri @unicorn;

 location @unicorn {
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header Host $http_host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_redirect off;
   proxy_pass http://unicorn-production;

   proxy_connect_timeout 90;
   proxy_send_timeout 90;
   proxy_read_timeout 90;
 }

 error_page 500 502 503 504 /500.html;
 client_max_body_size 4G;
 keepalive_timeout 10;
}

您應該添加option forwardfor到 Haproxy 配置並配置 nginx realip 模組: http ://nginx.org/en/docs/http/ngx_http_realip_module.html

引用自:https://serverfault.com/questions/406716