
http connections are not allowed from 172.x

Open glinxx opened this issue 2 years ago • 1 comments

version: chproxy_1.15.1_linux_amd64.tar.gz

settings:


network_groups:
  - name: "office"
    networks: ["192.0.0.0/24", "172.0.0.0/24"]

  - name: "reporting-apps"
    networks: ["10.10.10.0/24"]

server:
  http:
      listen_addr: ":9091"
      allowed_networks: ["office", "reporting-apps", "1.2.3.4"]
users:
  - name: "default"
    to_cluster: "distributed-write"
    to_user: "ckadmin"

  - name: "replica-write"
    to_cluster: "replica-write"
    to_user: "ckadmin"

  - name: "distributed-read"
    to_cluster: "distributed-read"
    to_user: "ckadmin"
    max_concurrent_queries: 6
    max_execution_time: 1m


clusters:
  - name: "distributed-write"
    replicas:
      - name: "replica1"
        nodes: [
      "172.16.163.37:8123",
      "172.16.163.174:8123",
      "172.16.163.99:8123",
      "172.16.187.154:8123"
    ]
      - name: "replica2"
        nodes: [
      "172.16.163.37:8123",
      "172.16.163.174:8123",
      "172.16.163.99:8123",
      "172.16.187.154:8123"
    ]
    users:
      - name: "ckadmin"
        password: "xxx"

  - name: "replica-write"
    replicas:
      - name: "replica1"
        nodes: ["172.16.163.37:8123","172.16.163.174:8123"]
      - name: "replica2"
        nodes: ["172.16.163.99:8123","172.16.187.154:8123"]
    users:
      - name: "ckadmin"
        password: "xxx"

  - name: "distributed-read"
    nodes: [
      "172.16.163.37:8123",
      "172.16.163.174:8123",
      "172.16.163.99:8123",
      "172.16.187.154:8123"
    ]
    users:
      - name: "ckadmin"
        password: "xxx"


caches:
  - name: "shortterm"
    mode: "file_system"
    file_system:
      max_size: 150Mb
      dir: "/clickhouse/chproxy/cache/shortterm"
    expire: 130s

Why do I keep reporting this?

[root@centos users.d]# echo 'SELECT 1' | curl 'http://172.16.182.192:9091/?user=distributed-read&password=' --data-binary @-
http connections are not allowed from 172.16.163.37:55800

glinxx avatar May 24 '22 03:05 glinxx

Your "office" network_group is 172.0.0.0/24, but this does not cover the 172.16.163.37 IP address your request is coming from.

Most likely you should be using the standard reserved IPv4 address blocks: 192.168.0.0/16 and 172.16.0.0/12.

vitaliyf avatar May 30 '22 19:05 vitaliyf
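The mismatch described in the answer above can be checked offline before touching the proxy. This is an added example, not chproxy's own code: `expand` and `match` are hypothetical helpers built on Go's `net/netip`, and the addresses are the ones posted in this issue.

```go
package main

import (
	"fmt"
	"net/netip"
)

// expand (hypothetical helper) resolves group names to prefixes; a bare IP becomes a single-host prefix.
func expand(allowed []string, groups map[string][]string) ([]netip.Prefix, error) {
	var out []netip.Prefix
	for _, entry := range allowed {
		nets, isGroup := groups[entry]
		if !isGroup {
			nets = []string{entry}
		}
		for _, n := range nets {
			p, err := netip.ParsePrefix(n)
			if ip, ipErr := netip.ParseAddr(n); ipErr == nil {
				p, err = netip.PrefixFrom(ip, ip.BitLen()), nil
			}
			if err != nil {
				return nil, fmt.Errorf("network %q: %w", n, err)
			}
			out = append(out, p.Masked())
		}
	}
	return out, nil
}

// match (hypothetical helper) returns the first prefix containing the client of remoteAddr ("ip:port").
func match(remoteAddr string, prefixes []netip.Prefix) (string, bool) {
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return "", false
	}
	for _, p := range prefixes {
		if p.Contains(ap.Addr().Unmap()) {
			return p.String(), true
		}
	}
	return "", false
}

// Values from the issue: the posted "office" networks first, then the blocks suggested in the answer.
func main() {
	for _, office := range [][]string{{"192.0.0.0/24", "172.0.0.0/24"}, {"192.168.0.0/16", "172.16.0.0/12"}} {
		prefixes, _ := expand([]string{"office", "1.2.3.4"}, map[string][]string{"office": office})
		fmt.Println(match("172.16.163.37:55800", prefixes))
	}
}
```

172.0.0.0/24 only spans 172.0.0.0 through 172.0.0.255, while 172.16.0.0/12 spans 172.16.0.0 through 172.31.255.255. Where the clients live in a known subnet, a narrower prefix than /12 keeps the allowlist tighter.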