
load balancer proxy protocol 설정하기

ubuntu20.04 nginx proxy protocol 설정 하기

– 패키지 설치하기
#apt-get update
#apt install -y nginx-full

– 패키지 설치후 realip_module 확인
#nginx -V 2>&1 | grep -- 'http_realip_module'
-> module 확인

/etc/nginx/nginx.conf

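http {
    # Pass the client address carried in the PROXY protocol header on to upstreams.
    # These headers only take effect in locations that use proxy_pass.
    proxy_set_header X-Real-IP $proxy_protocol_addr;
    proxy_set_header X-Forwarded-For $proxy_protocol_addr;

    # Log the address from the PROXY protocol header rather than the
    # load balancer's own address.
    log_format proxy '$proxy_protocol_addr - $remote_user [$time_local] '
                     '"$request" $status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent"';
    access_log /var/log/nginx/access.log proxy;
    error_log /var/log/nginx/error.log;

    server {
        # Every connection to this listener must now begin with a PROXY header,
        # and nginx accepts whatever source address that header states. Restrict
        # the port (firewall / security group) so only the load balancer can
        # connect; otherwise any client can supply its own "client address".
        listen 80 proxy_protocol;

        # real_ip_header rewrites $remote_addr only for connections that arrive
        # from an address listed in set_real_ip_from; without that directive it
        # has no effect.
        # 10.5.0.0/16 is a constructed example value - replace it with the real
        # address or subnet of your load balancer.
        set_real_ip_from 10.5.0.0/16;
        real_ip_header proxy_protocol;
    }
}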

 

nginx.conf 적용 완료 후
#nginx -t
#service nginx restart

access.log로 proxy protocol 적용확인
proxy protocol 설정 전 (로드밸런서가 보낸 PROXY 헤더를 nginx가 HTTP 요청으로 해석해 400 응답)
– – – [25/Jan/2022:04:30:21 +0000] “PROXY TCP4 10.5.x.xx 10.5.x.xx 34567 80” 400 0 “-” “-“
– – – [25/Jan/2022:04:30:25 +0000] “PROXY TCP4 10.5.x.xxx 10.5.x.xx 42103 80” 400 0 “-” “-“
– – – [25/Jan/2022:04:30:26 +0000] “PROXY TCP4 10.5.x.xx 10.5.x.xx 34575 80” 400 0 “-” “-“
– – – [25/Jan/2022:04:30:30 +0000] “PROXY TCP4 10.5.x.xxx 10.5.x.xx 42111 80” 400 0 “-” “-“
– – – [25/Jan/2022:04:30:31 +0000] “PROXY TCP4 10.5.x.xx 10.5.x.xx 34583 80” 400 0 “-” “-“

proxy protocol 설정 후
115.68.xx.xx – – [25/Jan/2022:06:38:26 +0000] “GET / HTTP/1.1” 200 396 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.277 Whale/2.9.118.38 Safari/537.36”
115.68.xx.xx – – [25/Jan/2022:06:38:26 +0000] “GET /favicon.ico HTTP/1.1” 404 197 “http://115.68.145.184/” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.277 Whale/2.9.118.38 Safari/537.36”
115.68.xx.xx – – [25/Jan/2022:06:38:32 +0000] “GET / HTTP/1.1” 304 0 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.277 Whale/2.9.118.38 Safari/537.36”

 

apache2 ubuntu20.04 proxy protocol

-설치 패키지
#apt install apache2 apache2-dev

-remoteip module enable 설정
# a2enmod remoteip
Enabling module remoteip.

# systemctl restart apache2

-remoteip_module 확인하기
# apachectl -M |grep remote
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 10.5.2.50. Set the ‘ServerName’ directive globally to suppress this message
remoteip_module (shared)

-mod-proxy-protocol modules 설치 (서드파티 소스이므로 빌드 전에 저장소와 커밋을 확인하고 고정해서 사용)
# cd /usr/local/src/
# git clone https://github.com/roadrunner2/mod-proxy-protocol.git
Cloning into ‘mod-proxy-protocol’…
remote: Enumerating objects: 77, done.
remote: Total 77 (delta 0), reused 0 (delta 0), pack-reused 77
Unpacking objects: 100% (77/77), done.

# ls
mod-proxy-protocol

– make진행 (apache2-dev패키지 설치해야 make 진행가능)
# cd mod-proxy-protocol/
# make
apxs -i mod_proxy_protocol.la
/usr/share/apache2/build/instdso.sh SH_LIBTOOL=’/usr/share/apr-1.0/build/libtool’ mod_proxy_protocol.la /usr/lib/apache2/modules
/usr/share/apr-1.0/build/libtool –mode=install install mod_proxy_protocol.la /usr/lib/apache2/modules/
libtool: install: install .libs/mod_proxy_protocol.so /usr/lib/apache2/modules/mod_proxy_protocol.so
libtool: install: install .libs/mod_proxy_protocol.lai /usr/lib/apache2/modules/mod_proxy_protocol.la
libtool: finish: PATH=”/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/sbin” ldconfig -n /usr/lib/apache2/modules

/usr/local/src/mod-proxy-protocol# ls .libs/
mod_proxy_protocol.la mod_proxy_protocol.lai mod_proxy_protocol.o mod_proxy_protocol.so

/usr/local/src/mod-proxy-protocol# make install
apxs -i mod_proxy_protocol.la
/usr/share/apache2/build/instdso.sh SH_LIBTOOL=’/usr/share/apr-1.0/build/libtool’ mod_proxy_protocol.la /usr/lib/apache2/modules
/usr/share/apr-1.0/build/libtool –mode=install install mod_proxy_protocol.la /usr/lib/apache2/modules/
libtool: install: install .libs/mod_proxy_protocol.so /usr/lib/apache2/modules/mod_proxy_protocol.so
libtool: install: install .libs/mod_proxy_protocol.lai /usr/lib/apache2/modules/mod_proxy_protocol.la
libtool: finish: PATH=”/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/sbin” ldconfig -n /usr/lib/apache2/modules
———————————————————————-
Libraries have been installed in:
/usr/lib/apache2/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the ‘-LLIBDIR’
flag during linking and do at least one of the following:
– add LIBDIR to the ‘LD_LIBRARY_PATH’ environment variable
during execution
– add LIBDIR to the ‘LD_RUN_PATH’ environment variable
during linking
– use the ‘-Wl,-rpath -Wl,LIBDIR’ linker flag
– have your system administrator add LIBDIR to ‘/etc/ld.so.conf’

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
———————————————————————-
chmod 644 /usr/lib/apache2/modules/mod_proxy_protocol.so

– 로그 설정 및 proxy_protocol 관련 2줄 추가
# vi /etc/apache2/apache2.conf

..
..
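# Stock "combined" format, kept commented out for reference.
#LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
# Extended "combined" format: after %h it adds %p (server port), %a (client
# address) and %{remote}p (client port). In this page's sample output %h shows
# the 10.5.x.xxx address and %a the external client address.
# The quotes must be plain ASCII (" and \"); typographic quotes pasted from a
# web page will not parse.
LogFormat "%h %p %a %{remote}p %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined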
..
..
# Loads the self-built mod_proxy_protocol module from the path reported by
# "make install" and turns on PROXY protocol handling.
# NOTE(review): with this enabled the logged client address comes from the
# PROXY header of each connection, so the listening ports should be reachable
# only from the load balancer - confirm firewall / security-group rules.
# NOTE(review): Apache 2.4.31 and later provide RemoteIPProxyProtocol in
# mod_remoteip (enabled earlier with a2enmod); confirm whether the packaged
# module can replace this third-party build.
LoadModule proxy_protocol_module /usr/lib/apache2/modules/mod_proxy_protocol.so
ProxyProtocol On

# service apache2 restart

# apachectl -M |grep proxy
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 10.5.2.50. Set the ‘ServerName’ directive globally to suppress this message
proxy_protocol_module (shared)

설정 전
10.5.x.xxx – – [19/Jan/2022:00:48:32 +0000] “PROXY TCP4 10.5.x.xxx” 400 0 “-” “-“
10.5.x.xxx – – [19/Jan/2022:00:48:37 +0000] “PROXY TCP4 10.5.x.xxx” 400 0 “-” “-“
10.5.x.xxx – – [19/Jan/2022:00:48:37 +0000] “PROXY TCP4 10.5.x.xxx” 400 0 “-” “-“

설정 후
10.5.x.xxx 443 115.68.xx.xx 36270 – – [19/Jan/2022:00:53:03 +0900] “GET / HTTP/1.1” 200 39 “-” “curl/7.68.0”
10.5.x.xxx 80 115.68.xx.xx 40948 – – [19/Jan/2022:00:53:34 +0900] “GET / HTTP/1.1” 200 39 “-” “curl/7.68.0”
