由 lista 在 2013/11/30 下午 12:46 發表
分類:
Linode Nodebalancer is use Proxy to make balancer.
Before we can use HTTP (80 port) on it, but HTTPS (443 port) only can use TCP.
So we can't get real ip from remote user.
Now HTTPS is worked, but it use HTTP to callback, then nginx will block.
We need to fix https variable to make it work.
This is get real ip from remote for HTTP and HTTPS
http {
real_ip_header X-Forwarded-For;
set_real_ip_from 192.168.255.0/24;
}
Add map for HTTPS
Before we can map $http_x_forwarded_prote to $https, but on newer nginx, $https already defined when start. So we just create other variable.
http {
map $http_x_forwarded_proto $fastcgi_https {
default '';
https on;
}
map $http_x_forwarded_proto $fastcgi_server_port {
default $server_port;
https 443;
}
}
Change fastcgi_param
fastcgi_param SERVER_PORT $fastcgi_server_port; fastcgi_param HTTPS $fastcgi_https;
Nginx rewrite use double check
# Check https status
set $use_https "";
if ($https) {
set $use_https "on";
}
if ($fastcgi_https) {
set $use_https "on";
}
# Rewrite
if ($use_https) {
.......
}
That's worked!!
授權:
回應
I found if direct into server
I found if direct into server, the https will be incorrect. So I insert check before fastcgi_params temporarily.
if ($https = "on") { set $fastcgi_https "on"; } fastcgi_param HTTPS $fastcgi_https;But......if it got problem.......why SERVER_PORT work.....= =a
請問 nodebalance
由 面膜哥 在 2015/02/03 上午 11:35 發表請問 nodebalance 是不要把把dns給linode託管?
不用喔,他就只是單純的負載平衡而已
不用喔,他就只是單純的負載平衡而已,要把你的Domain指到Nodebalance,再從Nodebalance指定要處理的伺服器有那幾台。