haproxy 백 엔 드 Nginx 에 실제 IP 주소 ssl 기록

############haproxy  ##################################
listen  taotao_443
    bind 192.168.70.130:443 
    #option httpclose
    mode tcp
    #option     forwardfor
    option tcplog
    log global
    balance source
    server  nginx1   192.168.70.131:443 send-proxy   inter 2000 rise 2 fall 3
#############nginx  ##################################
server {
     #SSL        443
     listen 443 ssl proxy_protocol;
     #         
     server_name taotao.xx.com;
     #      
     ssl_certificate /etc/nginx/a.pem;
     #      
     ssl_certificate_key /etc/nginx/a.key;
     ssl_session_timeout 5m;
     #         
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     #         ,      ,     openssl   。
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
     ssl_prefer_server_ciphers on;
     location / {
        #      。       ,            。
         root /var/www/;
         index  index.html index.htm;
     }
 }
    
http {
    include       /etc/nginx/mime.types;
   # set_real_ip_from 192.168.70.130;
   # real_ip_header X-Forwarded-For;
   set_real_ip_from  192.168.70.130;
   real_ip_header    X-Forwarded-For;
   real_ip_recursive on;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" forward   ip:"$http_x_forwarded_for"       IP:"$proxy_protocol_addr"';
    access_log  /var/log/nginx/access.log  main;
############tomcat      ################################
 nginx x-real-ip  tomcat    proxy_set_header    X-Real-IP        $proxy_protocol_addr;
   tomcat conf   server.xml  
   Valve className="org.apache.catalina.valves.RemoteIpValve"   
   Valve className="org.apache.catalina.valves.AccessLogValve" pattern    %h  --->%{X-Real-IP}i   
            

좋은 웹페이지 즐겨찾기