I have a HAProxy running in front of Nginx, and I add ‘X-Client-IP’
header
to reflect the actual IP of the client. If the request is routed
directly to
the application server (Tornado in my case), this header is present and
I
can retrieve it with no problem.
However, if the request is first routed to Nginx and then to the
application
server using:
then the ‘X-Client-IP’ header is missing from the request when it
reaches
Tornado. I guess I might need to explicitly add this header in Nginx as
well, so it can relay it on. What is the right solution here?
then the ‘X-Client-IP’ header is missing from the request when it reaches
Tornado. I guess I might need to explicitly add this header in Nginx as
well, so it can relay it on. What is the right solution here?
It seems to work for me.
Can you provide an nginx.conf and nginx -V output that shows the
problem?
then the ‘X-Client-IP’ header is missing from the request when it reaches
Tornado. I guess I might need to explicitly add this header in Nginx as
well, so it can relay it on. What is the right solution here?
Most likely your balancer adds something like “X-Client_IP” instead,
with “_” (underscore) instead of “-” (dash). Such headers are
removed by nginx by default unless explicitly allowed, see
Thanks for the suggestion. I checked my Haproxy config again, and this
is
what I use for adding the ‘X-Client-IP’ header:
option forwardfor header X-Client-IP
In addition, if Haproxy is passing header things like ‘X-Client_IP’,
then
why is that the requests routed directly to Tornado (not via Nginx)
contain
the correct header ‘X-Client-IP’? It seem like something happens when
the
requests go through nginx and the header is dropped.
Below is part of my nginx config, and the last location block is the
relevant one here.
On Sun, Dec 09, 2012 at 08:30:39PM -0500, mrtn wrote:
requests go through nginx and the header is dropped.
Usually headers are accessed by a backend code via CGI-like
environment variables like HTTP_X_CLIENT_IP, which makes it
impossible to distinguish “" from “-”, that’s why I suggested the
"” as a most likely reason.
Below is part of my nginx config, and the last location block is the
relevant one here.
There is nothing which may cause such a behaviour in your config,
but the “part” part is what always leaves a room for speculations.
By default nginx doesn’t removes any X-* headers from proxied
requests. If the header was indeed removed (i.e. you see it on
the wire before nginx, but not between nginx and a backend) it may
indicate one of the following:
The header was ignored as invalid, e.g. due to underscore in
it’s name. Check nginx logs for “client sent invalid header line”
messages at info level, it might provide additional information.
The header was hidden by proxy configuration, either by
proxy_set_header with the exact name, or using
proxy_pass_request_headers.
Something really bad happened which prevented request from
being parsed correctly.
In either case debug log
(A debugging log) should provide
enough info to diagnose the problem. Actually looking on the data
on the wire (e.g. with “tcpdump -Xs0” might also help).
–
Maxim D.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.