假设我有两个主机,a.example.com
并且b.example.com
只希望proxy_protocol
在a.example.com
负载均衡器后面启用它(b.example.com
用于直接健康检查)。尝试了以下设置,但出现错误。
a.example.com
server {
listen 80 proxy_protocol;
listen 443 proxy_protocol ssl;
server_name a.example.com;
location / {
proxy_pass http://localhost:8443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_cache_bypass $http_upgrade;
}
ssl_certificate /etc/letsencrypt/live/a.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/a.example.com/privkey.pem;
}
b.example.com
server {
listen 80;
server_name b.example.com;
location /healthcheck {
proxy_pass http://localhost:8443;
access_log off;
}
}
错误
2019/08/06 17:40:50 [error] 10488#10488: *12 broken header: "GET /healthcheck HTTP/1.1
Host: b.example.com
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
" while reading PROXY protocol, client: 1.2.3.4, server: 0.0.0.0:80
答案1
如果proxy_protocol
为给定端口上的侦听器启用了,它将应用于同一端口上server
的所有块listen
,无论是否指定。无法为任何特定server
块覆盖此设置。您需要确保到该端口的所有流量要么使用 PROXY 协议,要么不使用它。