HAProxy와 NGINX 에서 X-Forwarded-For 설정하기

1. HAProxy L4

1.1 #vi /etc/haproxy/haproxy.cfg

option             forwardfor

 

2. NGINX Web

2.1 # vi /etc/nginx/nginx.conf

http {

set_real_ip_from 10.100.10.0/24;
real_ip_header X-Forwarded-For;

log_format main ‘$http_x_forwarded_for – $remote_user [$time_local] ‘
‘”$request” $status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent”‘;

2.2 Log 확인하기

적용 前

10.200.10.74 – – [09/Dec/2016:17:04:10 +0900] “GET / HTTP/1.1” 304 0 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36” “-”
10.200.10.74 – – [09/Dec/2016:17:28:47 +0900] “GET / HTTP/1.1” 304 0 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36” “-”
10.200.10.74 – – [09/Dec/2016:17:28:47 +0900] “GET /favicon.ico HTTP/1.1” 200 1150 “https://purplecow.plura.io/” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36” “-”

10.200.10.74 # haproxy ip address

적용 後

123.160.209.113 – – [09/Dec/2016:17:39:55 +0900] “GET / HTTP/1.1” 304 0 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36”
123.160.209.113 – – [09/Dec/2016:17:39:55 +0900] “GET /favicon.ico HTTP/1.1” 200 1150 “https://purplecow.plura.io/” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36”

123.160.209.113 # real ip address

 

3. 참고 사이트

http://dewnine.tistory.com/7