I trying to getting client real ip in bitbucket access log.
Here it says
https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
For a TCP stream, the PROXY protocol can be enabled for connections between NGINX and an upstream server. To enable the PROXY protocol, include the
proxy_protocol
directive in aserver
block at thestream {}
level:stream { server { listen 12345; proxy_pass example.com:12345; proxy_protocol on; } }
...
Additionally, a TCP server (the
stream {}
block) sends its own PROXY protocol data to its backend servers (theproxy_protocol on
directive)
And here docs abut enabling ssh proxy protocol on Bitbucket side (enabled on my instance)
Bitbucket Data Center 7.20 and newer have PROXY protocol enabled by default.
However, you can always set it explicitly in $bitbucket_home/shared/bitbucket.properties:
plugin.ssh.haproxy.proxy-enabled=true
My nginx config
stream {
log_format main '[$time_local] $remote_addr - $server_addr:$server_port '
'$status [$bytes_sent/$bytes_received]';
upstream be-bitbucket-ssh {
server 127.0.0.1:7999 max_conns=0;
}
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
listen 7922reuseport proxy_protocol;
set_real_ip_from 0.0.0.0/0;
access_log /var/log/nginx/git/access.ssh.log main;
error_log /var/log/nginx/git/error.ssh.log;
limit_conn addr 8;
limit_conn_log_level error;
proxy_pass be-bitbucket-ssh;
proxy_protocol on;
}
}
When proxy_protocol on; in nginx config uncommented, i getting this error
Cloning into 'test'...
Bad packet length 1433301877.
ssh_dispatch_run_fatal: Connection to 10.228.65.36port 22: message authentication code incorrect
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Without that all works fine.
What i should to do? :)