如何将真实访客的IP地址转发给独角兽?当前设置是:
Haproxy => Nginx => Unicorn
- 如何将真实 IP 地址从 Haproxy 转发到 Nginx,再到 Unicorn?目前它总是只有 127.0.0.1
- 我读到 X 标头将被弃用。https://www.rfc-editor.org/rfc/rfc6648 - 这将如何影响我们?
代理配置:
# haproxy config
defaults
log global
mode http
option httplog
option dontlognull
option httpclose
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
# Rails Backend
backend deployer-production
reqrep ^([^\ ]*)\ /api/(.*) \1\ /\2
balance roundrobin
server deployer-production localhost:9000 check
Nginx 配置:
upstream unicorn-production {
server unix:/tmp/unicorn.ordify-backend-production.sock fail_timeout=0;
}
server {
listen 9000 default;
server_name manager.ordify.localhost;
root /home/deployer/apps/ordify-backend-production/current/public;
access_log /var/log/nginx/ordify-backend-production_access.log;
rewrite_log on;
try_files $uri/index.html $uri @unicorn;
location @unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_pass http://unicorn-production;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
您应该添加
option forwardfor
到 Haproxy 配置并配置 nginx realip 模块: http ://nginx.org/en/docs/http/ngx_http_realip_module.html