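haproxy: letting the back-end server record the user's real IP address (carried in a request header)
We ran into a problem in production: some of our users fail to log in, but not all of them (the website itself is still reachable).
To work out which users are failing to log in, we need to record the IP addresses of those failed logins.
Our setup is as follows: the front-end proxy is haproxy,
and the back end is a Java program.
So we need to configure haproxy so that the back end can obtain the user's real IP address.
The configuration we use is: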
option http-server-close
option forwardfor
The back-end code then reads the X-Forwarded-For field from the request headers.
Reference link: https://gist.github.com/PiBa-NL/d826e0d6b35bbe4a5fc3
To send the ip address of the client/webbrowser to the server/webserver behind it there are a few options:
1- option forwardfor
2- send-proxy
3- source 0.0.0.0 usesrc clientip
1- option forwardfor
This is an easy option to configure in haproxy, it does require that http layer7 processing is used 'mode http' and the webserver/ webapplication that wants to log or use the ip of the client must use the http-header 'X-Forwarded-For' to read the clientip.
2- send-proxy / send-proxy-v2 / send-proxy-*
This can be used both with mode tcp and http, it does however require that the server also understands the proxy protocol. Some applications have added support for this protocol which adds a few bytes with ip information before the actual request.
3- source 0.0.0.0 usesrc clientip
This allows any application and any protocol to be used and see the actual client ip as the origin from the incoming connection.
It does however require to configure IPTABLES or IPFW or other firewall rules to capture reply-traffic, also the haproxy machine must be the default route for the return traffic from the (web-)server.
Reference documentation:
https://www.haproxy.com/doc/aloha/7.0/haproxy/http_rewriting.html#add-a-header-to-the-request
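Added example (not from the original post or the referenced gist): how the Java back end can choose the address to write into its failed-login log when haproxy runs with option forwardfor. haproxy appends the address it saw as the last X-Forwarded-For value, so any earlier value may have been supplied by the client and must not be trusted; the proxy address 10.0.0.5, the class name and the sample requests are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

public class ClientIpResolver {
    // Assumption: the address haproxy connects from, as seen by the back end (constructed value).
    static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5");

    // Syntactic checks only: dotted-quad IPv4, or a hex/colon string for IPv6.
    static final Pattern IPV4 = Pattern.compile(
        "((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.){3}(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)");
    static final Pattern IPV6 = Pattern.compile("(?=.*:)[0-9A-Fa-f:.]{2,45}");

    /**
     * remoteAddr: TCP peer, e.g. HttpServletRequest.getRemoteAddr().
     * xffLines:   every X-Forwarded-For header line in order,
     *             e.g. collected from HttpServletRequest.getHeaders("X-Forwarded-For").
     */
    static String resolve(String remoteAddr, List<String> xffLines) {
        // A request that did not arrive through haproxy gets no say via headers.
        if (!TRUSTED_PROXIES.contains(remoteAddr)) return remoteAddr;

        // Flatten separate header lines and comma-separated values into one ordered list.
        List<String> hops = new ArrayList<>();
        for (String line : xffLines)
            for (String part : line.split(","))
                if (!part.isBlank()) hops.add(part.trim());
        if (hops.isEmpty()) return remoteAddr;

        // "option forwardfor" adds its value last; anything before it came from the client.
        String last = hops.get(hops.size() - 1);
        boolean valid = IPV4.matcher(last).matches() || IPV6.matcher(last).matches();
        return valid ? last : remoteAddr;
    }

    public static void main(String[] args) {
        // Constructed request: the client sent a forged header, haproxy appended the real address.
        List<String> headers = List.of("198.51.100.23", "203.0.113.7");
        System.out.println("login failed, client=" + resolve("10.0.0.5", headers));
        // Constructed request that bypassed haproxy: the header is ignored entirely.
        System.out.println("login failed, client=" + resolve("192.0.2.44", headers));
    }
}
```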