通过Haproxy => Nginx => Unicorn转发真实IP

tag-icon tag-icon nginx http haproxy unicorn
通过Haproxy => Nginx => Unicorn转发真实IP

如何将真实访客 IP 地址转发至 Unicorn?当前设置如下:

Haproxy => Nginx => Unicorn
  1. 如何将真实 IP 地址从 Haproxy 转发到 Nginx,再转发到 Unicorn?目前它始终只有 127.0.0.1
  2. 我读到 X 标头即将被弃用。https://www.rfc-editor.org/rfc/rfc6648- 这会对我们产生什么影响?

Haproxy配置:

# haproxy config
defaults
    log global
    mode    http
    option  httplog
    option  dontlognull
    option httpclose
    retries 3
    option redispatch
    maxconn 2000
    contimeout  5000
    clitimeout  50000
    srvtimeout  50000

# Rails Backend
backend deployer-production
    reqrep    ^([^\ ]*)\ /api/(.*)  \1\ /\2
    balance     roundrobin
    server      deployer-production localhost:9000 check

Nginx配置:

upstream unicorn-production {
  server unix:/tmp/unicorn.ordify-backend-production.sock fail_timeout=0;
}

server {
  listen 9000 default;
  server_name manager.ordify.localhost;
  root /home/deployer/apps/ordify-backend-production/current/public;
  access_log /var/log/nginx/ordify-backend-production_access.log;
  rewrite_log on;

  try_files $uri/index.html $uri @unicorn;

  location @unicorn {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_redirect off;
    proxy_pass http://unicorn-production;

    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 4G;
  keepalive_timeout 10;
}

答案1

您应该添加option forwardfor到 Haproxy 配置并配置 nginx realip 模块: http://nginx.org/en/docs/http/ngx_http_realip_module.html

相关内容