I trying to getting client real ip in bitbucket access log.
Here it says
https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
For a TCP stream, the PROXY protocol can be enabled for connections between NGINX and an upstream server. To enable the PROXY protocol, include the proxy_protocol directive in a server block at the stream {} level:
stream {
server {
listen 12345;
proxy_pass example.com:12345;
proxy_protocol on;
}
}
...
Additionally, a TCP server (the stream {} block) sends its own PROXY protocol data to its backend servers (the proxy_protocol on directive)
And here docs abut enabling ssh proxy protocol on Bitbucket side (enabled on my instance)
https://confluence.atlassian.com/bitbucketserverkb/how-to-enable-client-ip-forwarding-for-ssh-sessions-by-setting-up-proxy-protocol-for-bitbucket-data-center-1131089379.html
Bitbucket Data Center 7.20 and newer have PROXY protocol enabled by default.
However, you can always set it explicitly in $bitbucket_home/shared/bitbucket.properties:
plugin.ssh.haproxy.proxy-enabled=true
My nginx config
stream {
log_format main '[$time_local] $remote_addr - $server_addr:$server_port '
'$status [$bytes_sent/$bytes_received]';
upstream be-bitbucket-ssh {
server 127.0.0.1:7999 max_conns=0;
}
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
listen 7922reuseport proxy_protocol;
set_real_ip_from 0.0.0.0/0;
access_log /var/log/nginx/git/access.ssh.log main;
error_log /var/log/nginx/git/error.ssh.log;
limit_conn addr 8;
limit_conn_log_level error;
proxy_pass be-bitbucket-ssh;
proxy_protocol on;
}
}When proxy_protocol on; in nginx config uncommented, i getting this error
Cloning into 'test'...
Bad packet length 1433301877.
ssh_dispatch_run_fatal: Connection to 10.228.65.36port 22: message authentication code incorrect
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Without that all works fine.
What i should to do? :)
