My point of entry is Nginx. For all /api requests, I have setup haproxy. I want to send client IP address from nginx to haproxy when someone tries to hit https://yourdomain.com/api/ . I have defined a location for /api and defined the following headers
location /api/ {
proxy_pass https://MY-API-URL/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
}
When I am getting the value of X-Real-IP, it is the client IP but I want this client IP to be there in Haproxy because I want to set rate limiting on the basis of client IP. Please let me know what is correct way of doing it.
When you're proxying from NGginx to Haproxy, all the connections are coming from the same ip/machine (nginx ). If you want to proxy based on the client's IP, then you've got to tell HAProxy to balance based on either the X-Real-IP or X-Forwarded-For headers that you're setting in Nginx.
Your new Nginx config would look like this:
location /{
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ( if use X-Forwarded-For )
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr; ( if use X-Real-IP )
proxy_pass_request_headers on;
proxy_pass http://myip:myport;
}
Your new HAProxy config would look like this if you used X-Real-IP:
backend webapp
balance hdr(X-Real-IP)
hash-type consistent
mode http
server server1 ip:port check port 8080
server server2 ip:port check port 8080
Your new HAProxy config would look like this if you used X-Forwarded-For:
backend webapp
balance hdr(X-Forwarded-For)
hash-type consistent
mode http
server server1 ip:port check port 8080
server server2 ip:port check port 8080
This configuration work fine for me! Regards
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.