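We receive requests from the police to provide visitors' IP addresses and ports.
When a request comes through Cloudflare (https), the $remote_port variable is empty; when I access the load balancer directly by its IP, the port is set correctly.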
log_format main '[$time_local] - $http_x_forwarded_for - $remote_addr - p$remote_port - $status - $request_time - "$uri"';
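
The symptom described above matches how nginx's realip module behaves: once real_ip_header replaces the client address from a header that carries no port, $remote_port is left empty, while $realip_remote_addr and $realip_remote_port still hold the original TCP peer. The fragment below is an added example, not part of the original post; the set_real_ip_from range is a placeholder and the rest of the log format is the one from the question.

```nginx
# Added example: constructed fragment for the load balancer's http {} block.
http {
    # Placeholder range (TEST-NET-1); replace it with the proxy ranges you actually trust.
    set_real_ip_from 192.0.2.0/24;
    real_ip_header   CF-Connecting-IP;

    # $remote_addr / $remote_port:
    #   values after realip substitution; the port is empty when the
    #   header carries an address without a port.
    # $realip_remote_addr (nginx 1.9.7+) / $realip_remote_port (nginx 1.11.0+):
    #   the TCP peer that actually connected to nginx, i.e. the proxy edge.
    log_format main '[$time_local] - $http_x_forwarded_for - $remote_addr - p$remote_port '
                    '- peer=$realip_remote_addr:$realip_remote_port '
                    '- $status - $request_time - "$uri"';

    access_log /var/log/nginx/access.log main;
}
```

The peer port logged this way is the source port of the proxy's connection to nginx, not the port the visitor used towards the proxy, so it identifies the proxy-side connection only.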
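I have 7 nginx web servers running a Python application, which is served to nginx through uwsgi and a socket file. In front of these 7 web servers there is an nginx load balancer. Traffic going out from the load balancer to the public is compressed correctly, resulting in only ~20Mbps of outgoing traffic, but for some reason the traffic going from the web servers to the load balancer is not compressed, so the load balancer's total incoming traffic (on the server-subnet interface) is 400Mbps, with each web server handling about 70Mbps of outgoing traffic.
Shouldn't enabling gzip compression work the same way as it does on the load balancer (where it works)? Is some different configuration needed here?
Web server nginx.conf: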
user xxx;
worker_rlimit_nofile 99999;
worker_processes 16;
events {
    worker_connections 65535;
}
http {
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=one:8m max_size=3000m inactive=600m;
    proxy_temp_path /tmp;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 620;
    keepalive_requests 20000;
    # types_hash_max_size 2048;
    client_max_body_size 200m;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #ssl_prefer_server_ciphers on;
    proxy_buffer_size 128k;
    proxy_buffers 16 256k;
    proxy_busy_buffers_size 256k;
    uwsgi_buffer_size 128k;
    uwsgi_buffers 16 256k;
    uwsgi_busy_buffers_size 256k;
    # uwsgi_param UWSGI_SCHEME https;
    # uwsgi_param HTTPS on;
    #log info
    log_format main '[$time_local] - $remote_addr - $request_time - $remote_user - $upstream_addr - "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" $http_host $http_cookie';
    log_format body '[$time_local] - $remote_addr - $request_time - $remote_user - "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" $http_host $request_body $http_cookie';
    access_log off;
    #access_log /home/xxx/log/ng_access.log;
    error_log /home/xxx/log/ng_error.log;
    gzip on;
    gzip_disable "msie6";
    gzip_comp_level 4;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    open_file_cache max=8000 inactive=60s;
    open_file_cache_valid 120s;
    open_file_cache_min_uses 2;
    open_file_cache_errors off;
    #uwsgi_buffering off;
    #the cdn server, listening on port 83
    include /etc/nginx/conf.d/cdn.conf;
    #the xxx app, listening on port 81
    include /etc/nginx/conf.d/xxx.conf;
    #the dealers app, listening on port 82
    include /etc/nginx/conf.d/dealers.conf;
    #a fallback server listening on port 80, it acts as a local "load balancer" in case that we need to use this server without
    #a load balancer
    include /etc/nginx/conflb.d/http_upstreams.conf;
    include /etc/nginx/conflb.d/xxx.conf;
    include /etc/nginx/conflb.d/dealers.conf;
    include /etc/nginx/conflb.d/es.conf;
    include /etc/nginx/conflb.d/db.conf;
}
Load balancer nginx.conf:
user nginx;
worker_rlimit_nofile 99999;
worker_processes 15;
pid /run/nginx.pid;
events {
    worker_connections 65535;
}
http {
    include /etc/nginx/conf.d/http_upstreams.conf;
    sendfile on;
    proxy_busy_buffers_size 128k;
    proxy_buffer_size 64k;
    proxy_buffers 4 64k;
    #proxy_max_temp_file_size 0;
    keepalive_timeout 620;
    gzip on;
    gzip_comp_level 4;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
    include mime.types;
    default_type application/octet-stream;
    client_max_body_size 200m;
    #log info
    log_format main '[$time_local] - $remote_addr - $request_time - $remote_user - $upstream_addr - "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" $http_host $http_cookie';
    log_format body '[$time_local] - $remote_addr - $request_time - $remote_user - "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" $http_host $request_body $http_cookie';
    access_log /var/log/nginx/access.log main;
    real_ip_header CF-Connecting-IP;
    include /etc/nginx/conf.d/db1.conf;
    include /etc/nginx/conf.d/db2.conf;
    include /etc/nginx/conf.d/es.conf;
    include /etc/nginx/conf.d/st.conf;
    include /etc/nginx/conf.d/xxx.conf;
    include /etc/nginx/conf.d/dealers.conf;
    #catch all server
    server {
        listen 80 default_server;
        rewrite ^(.*) http://www.xxx.gr$1 permanent;
    }
}
I created a VM on a Xen host. By following this guide, I managed to ping www.google.com successfully, but after that I get Destination Host Unreachable. If I restart the VM, I can ping twice again before it fails.
$ - ping www.google.com
PING www.google.com (216.58.208.228) 56(84) bytes of data.
64 bytes from par10s22-in-f4.1e100.net (216.58.208.228): icmp_seq=1 ttl=51 time=17.3 ms
64 bytes from par10s22-in-f4.1e100.net (216.58.208.228): icmp_seq=2 ttl=51 time=17.4 ms
From static.12.166.76.144.clients.your-server.de (144.76.166.12): icmp_seq=3 Redirect Host(New nexthop: 144.76.166.1)
64 bytes from 216.58.208.228: icmp_seq=3 ttl=51 time=17.3 ms
From wservervm (144.76.166.25) icmp_seq=4 Destination Host Unreachable
From wservervm (144.76.166.25) icmp_seq=5 Destination Host Unreachable
From wservervm (144.76.166.25) icmp_seq=6 Destination Host Unreachable
From wservervm (144.76.166.25) icmp_seq=7 Destination Host Unreachable
From wservervm (144.76.166.25) icmp_seq=8 Destination Host Unreachable
From wservervm (144.76.166.25) icmp_seq=9 Destination Host Unreachable
From wservervm (144.76.166.25) icmp_seq=10 Destination Host Unreachable
From wservervm (144.76.166.25) icmp_seq=11 Destination Host Unreachable
From wservervm (144.76.166.25) icmp_seq=12 Destination Host Unreachable
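The host's IP (the external one, used to reach the server from outside) is used as the VM's default gateway. I don't know what other information to provide. What could be the cause of this?
The output of arp -n on the guest is: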
Address HWtype HWaddress Flags Mask Iface
144.76.166.12 ether d4:3d:7e:ec:ef:f8 C eth0
144.76.166.1 (incomplete) eth0
And on the host:
Address HWtype HWaddress Flags Mask Iface
144.76.166.27 (incomplete) xenbr0
144.76.166.1 ether cc:e1:7f:ac:52:96 C xenbr0
144.76.166.25 ether 00:16:3e:b0:23:21 C xenbr0
144.76.166.28 (incomplete) xenbr0
144.76.166.29 (incomplete) xenbr0
The host's /etc/network/interfaces:
# loopback
auto lo
iface lo inet loopback
# physical network interface
auto eth0
iface eth0 inet manual
# bridge public
auto xenbr0
iface xenbr0 inet static
    address 144.76.166.12
    netmask 255.255.255.224
    gateway 144.76.166.1
    bridge_ports eth0
    bridge_stp off # disable Spanning Tree Protocol
    bridge_waitport 0 # no delay unless port available
    bridge_fd 0 # no forwarding delay
    # up route add -net 188.40.103.64 netmask 255.255.255.192 gw 188.40.103.65 eth0
# bridge internal
auto xenbr1
iface xenbr1 inet static
    address 10.0.10.1
    broadcast 10.0.10.255
    netmask 255.255.255.0
    pre-up brctl addbr xenbr1
# ipv6
iface eth0 inet6 static
    address 2a01:4f8:200:420b::2
    netmask 64
    gateway fe80::1
brctl show:
bridge name bridge id STP enabled interfaces
xenbr0 8000.d43d7eeceff8 no eth0
vif6.0
xenbr1 8000.000000000000 no
I think the main point of interest here is that it pings successfully twice before failing.