运行环境:centos 7.6下,只使用Nginx做为转发到emqx。
需求:通过ws在emqx消息的获取出真实的IP,目前用的是emqx消息中的peername字段
已经参考过贴子方法一和方法二做了很多尝试: 就没有用nginx转发ws/wss配置proxy_protocol获取真实IP的案例吗 - EMQX - EMQ 问答社区 (askemq.com)
emqx配置
listeners.tcp.default {
bind = “0.0.0.0:1884”
max_connections = 1024000
proxy_protocol = true
}
nginx配置:
server {
listen 8083 proxy_protocol;
#proxy_protocol on;
server_name localhost;
set_real_ip_from 192.168.3.0/24;
real_ip_header proxy_protocol;
location /mqtt {
#proxy_pass http://device-mqtt-ws/mqtt;
proxy_pass http://emqx10-01.cn-shanghai-internal.xsgee.com:8085;
proxy_connect_timeout 90;
proxy_read_timeout 90;
proxy_send_timeout 90;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
}
}
出现问题:
nginx出现错误提示
[error] 20336#19608: *21 broken header: "GET /mqtt HTTP/1.1
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: 0oIyiTDzA2y1BBzIukEBlw==
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Sec-WebSocket-Protocol: mqtt
Host: mqtt-10.cn-shanghai-dev.xsgee.com:8083
" while reading PROXY protocol, client: 127.0.0.1, server: 0.0.0.0:8083
恳请指导一下:
- 是不是nginx用proxy_protocol必须要用haproxy
- 如果不是必须用haproxy,如何配置nginx,让emqx拿到真实ip
- 如果proxy_protocol行不通,我在emqx中使用如下配置也拿不到真实ip,请问是哪出现了问题
listeners.ws.default {
bind = “0.0.0.0:8085”
max_connections = 1024000
websocket.mqtt_path = “/mqtt”
websocket.proxy_address_header = X-Forwarded-For
websocket.proxy_port_header = X-Forwarded-Port
}
其中无论X-Forwarded-For在nginx中配置了任何值,emqx ws peername只能拿到本地ip 192.168.1.50
在emqx.conf中加入,ws也无法获取出真实ip
listener.ws.default.proxy_address_header = X-Forwarded-For
listener.ws.external.proxy_address_header = X-Forwarded-For