我有一个托管在AWS(EKS)中的Kubernetes集群。
我正在尝试保留客户端的IP。为此,我尝试在集群前面的网络负载均衡器中启用代理协议v2,并配置Nginx ingress控制器来处理它。
尽管如此,我还是收到了一个坏的请求错误,每个请求都没有任何额外的信息。
这是我的Nginx ingress控制器
apiVersion: v1data:allow-snippet-annotations: "true"compute-full-forwarded-for: "true"enable-real-ip: "true"server-snippet: "listen 8000;\nif ( $server_port = 80 ) {\n return 308 https://$host$request_uri;\n}\ \n"ssl-redirect: "false"use-forwarded-headers: "true"use-proxy-protocol: "true"
字符串
这在Nginx配置中转换为
## start serverserver {server_name [REDACTED] ;listen 80 proxy_protocol ;listen 443 proxy_protocol ssl http2 ;set $proxy_upstream_name "-";ssl_certificate_by_lua_block {certificate.call()}location / {set $namespace "[REDACTED]";set $ingress_name "[REDACTED]";set $service_name "[REDACTED]";set $service_port "[REDACTED]";set $location_path "/";set $global_rate_limit_exceeding n;rewrite_by_lua_block {lua_ingress.rewrite({force_ssl_redirect = false,ssl_redirect = false,force_no_ssl_redirect = false,preserve_trailing_slash = false,use_port_in_redirects = false,global_throttle = { namespace = "", limit = 0, window_size = 0, key = { }, ignored_cidrs = { } },})balancer.rewrite()plugins.run()}header_filter_by_lua_block {lua_ingress.header()plugins.run()}body_filter_by_lua_block {plugins.run()}log_by_lua_block {balancer.log()monitor.call()plugins.run()}port_in_redirect off;set $balancer_ewma_score -1;set $proxy_upstream_name "[REDACTED]";set $proxy_host $proxy_upstream_name;set $pass_access_scheme $scheme;set $pass_server_port $proxy_protocol_server_port;set $best_http_host $http_host;set $pass_port $pass_server_port;set $proxy_alternative_upstream_name "";client_max_body_size 20m;proxy_set_header Host $best_http_host;# Allow websocket connectionsproxy_set_header Upgrade $http_upgrade;proxy_set_header Connection $connection_upgrade;proxy_set_header X-Request-ID $req_id;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $full_x_forwarded_for;proxy_set_header X-Forwarded-Host $best_http_host;proxy_set_header X-Forwarded-Port $pass_port;proxy_set_header X-Forwarded-Proto $pass_access_scheme;proxy_set_header X-Forwarded-Scheme $pass_access_scheme;proxy_set_header X-Scheme $pass_access_scheme;# Pass the original X-Forwarded-Forproxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;proxy_set_header Proxy "";proxy_connect_timeout 5s;proxy_send_timeout 3600s;proxy_read_timeout 3600s;proxy_buffering off;proxy_buffer_size 4k;proxy_buffers 4 4k;proxy_max_temp_file_size 1024m;proxy_request_buffering on;proxy_http_version 1.1;proxy_cookie_domain off;proxy_cookie_path off;proxy_next_upstream error timeout;proxy_next_upstream_timeout 0;proxy_next_upstream_tries 3;proxy_pass http://upstream_balancer;proxy_redirect off;}# Custom code snippet configured in the configuration configmaplisten 8000;if ( $server_port = 80 ) {return 308 https://$host$request_uri;}}## end server
型
代理协议v2通过AWS控制台在我的HTTP目标组中启用,但当我访问服务的任何端点时,结果是
<html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>
型
任何帮助将是伟大的。
先谢了。
1条答案
按热度按时间ftf50wuq1#
要配置NGINX接受PROXY协议头,请将
proxy_protocol参数添加到http {}或stream {}块中服务器块的listen指令中。https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/字符串