stackoom
  简体   繁体   中英

Nginx reverse proxy to Yesod forwarded ip address does not work

 原文  2020-10-09 07:43:50       nginx/ nginx-reverse-proxy/ yesod

Question

I have nginx set up as a reverse proxy for Yesod. The IP address in /var/log/nginx/access.log is the real IP address of the client. 

123.123.123.123 - - [09/Oct/2020:07:11:16 +0000] "GET / HTTP/1.1" 200 ...

But the IP address shown in the log by Yesod is 127.0.0.1, from nginx.

127.0.0.1 - - [09/Oct/2020:07:11:16 +0000] "GET / HTTP/1.0" 200 - "https://...

Here is my nginx configuration:

... 
server {

        server_name example.com;

        location / { 

            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;

            proxy_pass http://127.0.0.1:3000; # Reverse proxy to your Yesod app 
        }   

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
...

I have restarted nginx and the yesod binary. But the IP listed by Yesod is still 127.0.0.1.

What configuration mistake have I made?

Or do I need to edit the logging code of my Yesod binary?

Thank you kind readers

1 answers

solution1
 0 ACCPTED  2020-10-09 07:43:50

The answer was that there is a configuration option for Yesod to use the forwarded IP headers.

I found it by reading src/Settings.hs which contains this:

data AppSettings = AppSettings
    { appStaticDir              :: String
    -- ^ Directory from which to serve static files.
    , appDatabaseConf           :: PostgresConf
    -- ^ Configuration settings for accessing the database.
    , appRoot                   :: Maybe Text
    -- ^ Base for all generated URLs. If @Nothing@, determined
    -- from the request headers.
    , appHost                   :: HostPreference
    -- ^ Host/interface the server should bind to.
    , appPort                   :: Int
    -- ^ Port to listen on
    , appIpFromHeader           :: Bool
    -- ^ Get the IP address from the header when logging. Useful when sitting
    -- behind a reverse proxy.
...

So you need to either edit config/settings.yaml which contains the line:

...
ip-from-header: "_env:YESOD_IP_FROM_HEADER:false" 
...

Or, you can also change the environment variable running this command export YESOD_IP_FROM_HEADER=true .

That solved it.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question nginx reverse proxy redirects to internal ip address Nginx filtering by IP address for reverse proxy nginx reverse proxy “ip address shows” Nginx Default: Why is location / not forwarded to reverse proxy? Allow only a single specific IP address on Nginx under reverse proxy Dokku - get ip address of nginx reverse proxy inside container? Why my reverse proxy (nginx) does not work Error with IP and Nginx as reverse proxy nginx reverse proxy to apache server - only fulfill nginx forwarded requests Nginx reverse proxy with IP in the request
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM