{"componentChunkName":"component---src-templates-post-template-jsx","path":"/works/posts/2022-08-21--001","result":{"data":{"site":{"siteMetadata":{"title":"Blog by Eunyoung","subtitle":"작업 기록 블로그","copyright":"© All rights reserved.","author":{"name":"EunYoung","twitter":"#"},"disqusShortname":"","url":"https://ssongey.github.io"}},"markdownRemark":{"id":"bd7de89c-15fe-5e86-b580-8baad27f95e3","html":"<p>내가 담당하고 있는 서비스에서 클라이언트 IP가 필요한 상황이 생겼는데, 계속 서버IP가 들어와서 해당 작업을 하게되었다.<br>\n이때 offloading 개념을 알게되어 정리한다.</p>\n<h2>✔️ 기존 구성</h2>\n<ul>\n<li>ingress 까지 HTTPS 구간이라 클라이언트와 ingress의 구현체인 nginx가 SSL 커넥션을 맺고 있다.</li>\n<li>그러다보니 빨간색 구간이 모두 암호화되어 LB에서 헤더를 삽입할 수 없어 클라이언트 IP를 얻을 수 없는 상태였다.</li>\n<li>KIC의 LB가 아직 <strong>Terminated HTTPS(HTTPS Offloading)</strong> 도입이 되지 않아 현재 상태로는 클라이언트 IP를 얻는건 불가능 했다.</li>\n<li>\n<p>이때 LB 와 인그레스와의 설정은 아래와 같다.</p>\n<ul>\n<li><strong>HTTPS → 443(HTTPS)</strong></li>\n<li><strong>HTTP → 80(HTTP)</strong></li>\n<li>인증서는 인그레스 쪽에 설치</li>\n</ul>\n</li>\n</ul>\n<p>\n  <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/devHistoryBlog/static/0cf8dda803035b2ea83ca5f4c4a28892/e4d4a/001-01.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n  \n  <span\n    class=\"gatsby-resp-image-wrapper\"\n    style=\"position: relative; display: block;  max-width: 960px; margin-left: auto; margin-right: auto;\"\n  >\n    <span\n      class=\"gatsby-resp-image-background-image\"\n      style=\"padding-bottom: 31.25%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAGCAYAAADDl76dAAAACXBIWXMAABYlAAAWJQFJUiTwAAABYUlEQVQY0x2RWZOaUBCF+f//JylLp5yUBBdkVBRFVocdARcyE8eJy5cLD1/d7vNw7ulu6bHPeGYxzzzhnkYtTd3wEDp5ytk2OZkr7F2MvstxshPR+YpffuDua/ziD05ek9VfSP/igItr8eXZkIQ8BRdR/xXaLfQ5GDpGr4P50mEweuPncMGbExPVN+ZeysQMGG92TLYBbnpAOlkbgrFCPtc4rJeUq0VbN/jKgHI5x5F/Yb/2UNQFXdVAs0KMsGwNZd2mr63FJwl2XCJ9eA6JNqHQZ5y3a86mQSVMC2HU6KE6wuy/sO13kcczOuMlUytgHVXiDRnMt/yQNRTDwwxypEezs/i9pRmZJOAe7lqa/irGdwevOCLhcKrTnYo0bkJw+hYJM2YiZU9doVoRbnYUhlVBc5h7c5wi55pEbIa/2YwUjs1ej2WrXQKfOK94rz5ZuSGytmTlRew/by1pfeV4ufEfRj6vn+4J6DIAAAAASUVORK5CYII='); background-size: cover; display: block;\"\n    >\n      <img\n        class=\"gatsby-resp-image-image\"\n        style=\"width: 100%; height: 100%; margin: 0; vertical-align: middle; position: absolute; top: 0; left: 0; box-shadow: inset 0px 0px 0px 400px white;\"\n        alt=\"001 01\"\n        title=\"\"\n        src=\"/devHistoryBlog/static/0cf8dda803035b2ea83ca5f4c4a28892/d9199/001-01.png\"\n        srcset=\"/devHistoryBlog/static/0cf8dda803035b2ea83ca5f4c4a28892/8ff5a/001-01.png 240w,\n/devHistoryBlog/static/0cf8dda803035b2ea83ca5f4c4a28892/e85cb/001-01.png 480w,\n/devHistoryBlog/static/0cf8dda803035b2ea83ca5f4c4a28892/d9199/001-01.png 960w,\n/devHistoryBlog/static/0cf8dda803035b2ea83ca5f4c4a28892/07a9c/001-01.png 1440w,\n/devHistoryBlog/static/0cf8dda803035b2ea83ca5f4c4a28892/29114/001-01.png 1920w,\n/devHistoryBlog/static/0cf8dda803035b2ea83ca5f4c4a28892/e4d4a/001-01.png 2198w\"\n        sizes=\"(max-width: 960px) 100vw, 960px\"\n      />\n    </span>\n  </span>\n  \n  </a>\n    </p>\n<h2>✔️ 변경된 구성</h2>\n<ul>\n<li>그래서 별도로 LB VIP 요청을 하여 ssl offloading 및 x-forwarded-for 적용을 하였다.</li>\n<li>\n<p>이때 new LB 와 인그레스와의 설정은 아래와 같다. (계속 https → 443 으로 연결해서.. 삽질했다)</p>\n<ul>\n<li><strong>HTTPS → 80(HTTP)</strong></li>\n<li><strong>HTTP → 80(HTTP)</strong></li>\n<li>인증서는 new LB에 설치</li>\n</ul>\n</li>\n</ul>\n<p>\n  <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/devHistoryBlog/static/c173f98c4a21fba34d4fa56f72b0dec5/5b2ff/001-02.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n  \n  <span\n    class=\"gatsby-resp-image-wrapper\"\n    style=\"position: relative; display: block;  max-width: 960px; margin-left: auto; margin-right: auto;\"\n  >\n    <span\n      class=\"gatsby-resp-image-background-image\"\n      style=\"padding-bottom: 31.25%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAGCAYAAADDl76dAAAACXBIWXMAABYlAAAWJQFJUiTwAAABZUlEQVQY0x2RbXOaYBBF+f//p500ZsykaVWiKAqKKCLvIGoCaEzU4unKhzt35+7OmWefVeos4ZZGoph/SUh9VxaTfXwSFGfi8sw0yDG8DNPfMFmnLNMPwuIbd3vA2ZSs8opFVpCWXyiXYM3JsflyFyCwW+TzuVrixjuc3QndTfnxR+OhM6KlTsR1hk5MWF0bVy2fnuWJfJxkj7KfGfi9vyTaG4U1ZTseEkmt6hbPQwt9ldAeTBvY3Z/eDAZ2gOHnjKT3Ol40uSbwRZSjVMs5Ub9HLqDKngnUJB720cwlnalL11zxq6vzKLrDWuqYvgDNYNv4y2jOz9cBHdPF8lOUOg5kTY869Jp1EdVRQLw/4hUX7LTgqT/lUTVoazNaAh06CUF5YSTfoUl9z1Q7xEnfUdjnHP01498v2GqXg+dy227YyFHi8pvN4YK/O7DOS3lBRrs7QJ3MCSTLpJdWZ/LjtZl9P135DwqFr3pERyQTAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n    >\n      <img\n        class=\"gatsby-resp-image-image\"\n        style=\"width: 100%; height: 100%; margin: 0; vertical-align: middle; position: absolute; top: 0; left: 0; box-shadow: inset 0px 0px 0px 400px white;\"\n        alt=\"001 02\"\n        title=\"\"\n        src=\"/devHistoryBlog/static/c173f98c4a21fba34d4fa56f72b0dec5/d9199/001-02.png\"\n        srcset=\"/devHistoryBlog/static/c173f98c4a21fba34d4fa56f72b0dec5/8ff5a/001-02.png 240w,\n/devHistoryBlog/static/c173f98c4a21fba34d4fa56f72b0dec5/e85cb/001-02.png 480w,\n/devHistoryBlog/static/c173f98c4a21fba34d4fa56f72b0dec5/d9199/001-02.png 960w,\n/devHistoryBlog/static/c173f98c4a21fba34d4fa56f72b0dec5/07a9c/001-02.png 1440w,\n/devHistoryBlog/static/c173f98c4a21fba34d4fa56f72b0dec5/29114/001-02.png 1920w,\n/devHistoryBlog/static/c173f98c4a21fba34d4fa56f72b0dec5/5b2ff/001-02.png 2190w\"\n        sizes=\"(max-width: 960px) 100vw, 960px\"\n      />\n    </span>\n  </span>\n  \n  </a>\n    </p>\n<h2>✔️ HTTPS Offloading ?</h2>\n<ul>\n<li>서버 애플리케이션 외에서 SSL/TLS(이하 TLS) 처리를 대신 하는 것을 말한다.</li>\n<li>대부분의 서비스의 경우 API 서버군 앞에 Proxy 서버를 두고 해당 Proxy 서버에 SSL 관련 작업을 위임한다.</li>\n<li>Proxy 서버를 거친 데이터는 decrpty 되어 HTTP 통신을 하게 되므로. HTTPS를 사용해 통신하는 것 보다 빠른 속도로 통신하게 된다.</li>\n</ul>\n<p>\n  <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/devHistoryBlog/static/f2556b08477328af1984eade598db5b1/7d62e/001-03.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n  \n  <span\n    class=\"gatsby-resp-image-wrapper\"\n    style=\"position: relative; display: block;  max-width: 960px; margin-left: auto; margin-right: auto;\"\n  >\n    <span\n      class=\"gatsby-resp-image-background-image\"\n      style=\"padding-bottom: 36.66666666666667%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAHCAYAAAAIy204AAAACXBIWXMAABYlAAAWJQFJUiTwAAABTUlEQVQoz32R3U7CQBCFeWEfxVuvfAav9IYfvQCTJkghJmIgbQUKBQKUQmH738/dheodJ9l0O7Mzc+acWhAEuK7LYu7gzn6wLIvRaMRkMtF3f7cCSvKioLhxyrIkyzJqlDlxHNEd7LAcH3EOORyOJEki4zH1tzVzL0VB1txEnuey4RXDUcF+r8sQIiIMQ7I0ZS4JLteC0ynULEQUcTwe/4am8o3v+7qZYnppKCd7wYbt6SALT9iOjW3bbLYbSAUfXYOeaeqCpbdgPB5LiVwSuYEp44Zh6CEKtWqXu4dH7p9eWAcOn67B6uBiztrsvBWtRpOv4ZAkOiO+n8l8h9hqEq2GtN8NzF4P5cV/Q4npZIrnLS9aFJJ+WWjqZyFodzq0XlvXovJignoj1+z3BzQadW2sblg5VKH6r77qRFI3JYXSqcoV15xyVpmnYir/C043E7rBFsVlAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n    >\n      <img\n        class=\"gatsby-resp-image-image\"\n        style=\"width: 100%; height: 100%; margin: 0; vertical-align: middle; position: absolute; top: 0; left: 0; box-shadow: inset 0px 0px 0px 400px white;\"\n        alt=\"001 03\"\n        title=\"\"\n        src=\"/devHistoryBlog/static/f2556b08477328af1984eade598db5b1/d9199/001-03.png\"\n        srcset=\"/devHistoryBlog/static/f2556b08477328af1984eade598db5b1/8ff5a/001-03.png 240w,\n/devHistoryBlog/static/f2556b08477328af1984eade598db5b1/e85cb/001-03.png 480w,\n/devHistoryBlog/static/f2556b08477328af1984eade598db5b1/d9199/001-03.png 960w,\n/devHistoryBlog/static/f2556b08477328af1984eade598db5b1/07a9c/001-03.png 1440w,\n/devHistoryBlog/static/f2556b08477328af1984eade598db5b1/29114/001-03.png 1920w,\n/devHistoryBlog/static/f2556b08477328af1984eade598db5b1/7d62e/001-03.png 2368w\"\n        sizes=\"(max-width: 960px) 100vw, 960px\"\n      />\n    </span>\n  </span>\n  \n  </a>\n    </p>\n<h2>✔️ <strong>X-Forwarded-For(XFF) 란?</strong></h2>\n<ul>\n<li>XFF 는 HTTP Header 중 하나로 HTTP Server 에 요청한 Client 의 IP 를 식별하기 위한 표준이다.</li>\n</ul>\n<br/>\n<br/>\n<p>참고)<br>\n<a href=\"https://minholee93.tistory.com/entry/SSL-offloading-%EC%9D%B4%EB%9E%80-%EB%AC%B4%EC%97%87%EC%9D%BC%EA%B9%8C\">[TIL] SSL offloading 이란 무엇일까?</a></p>","fields":{"tagSlugs":["/tags//"],"slug":"/works/posts/2022-08-21--001"},"frontmatter":{"title":"SSL Offloading 작업","tags":[""],"date":"2022-08-21","description":""}}},"pageContext":{"slug":"/works/posts/2022-08-21--001"}},"staticQueryHashes":[]}