nginx 服务器看到自己的 ip 而不是反向代理 ip
nginx server sees its own ip instead of reverse proxy ip
我有两台服务器,一台是应用服务器,一台是反向代理。
用户 -> 代理服务器 -> 应用服务器
当用户来自代理服务器时,我会检查 ip,如果 ip 来自代理服务器,则用户会自动登录。
代理服务器配置
server {
...
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
}
}
应用服务器配置
server {
...
# rewrite request
rewrite ^/request/(.*)$ /request.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
基本上,所有对代理的请求都传递给应用服务器。假设我的应用服务器ip是5.6.7.8,代理ip是1.2.3.4。当我在chrome中打开代理服务器时,chrome调试工具在Header的General部分的Remote Address(1.2.3.4)中显示代理IP地址。但是,当我尝试从 $_SERVER['REMOTE_ADDR'] 访问 ip 时,它给出了应用服务器本身的 ip 地址(5.6.7.8)。
我已经尝试过这些配置,但远程地址仍然显示应用服务器的 ip 和真实客户端 ip 的 X-Forwarded-For,这不是我想要的。
proxy_set_header HOST $host; <- this makes proxy server always responds with 404
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
如何从$_SERVER['REMOTE_ADDR']或其他字段获取代理ip?
我预建的nginx没有这个模块,所以我自己建了一个。
nginx version: nginx/1.4.7
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
TLS SNI support enabled
configure arguments: --prefix=/usr/local --sbin-path=/usr/local/sbin --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_sub_module
现在代理服务器配置看起来像
server {
...
location / {
include /etc/nginx/mime.types;
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
proxy_pass http://app.server.com;
}
}
但问题依旧,应用服务器仍然有自己的IP地址。
在应用服务器上测试 real_ip_header 配置
应用服务器配置
sever {
...
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
# rewrite api
rewrite ^/api/(.*)$ /route.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
代理服务器配置
server {
listen 1000;
server_name my.proxy.com;
charset utf-8;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
}
}
问题依旧。
我的代理配置最终是这样的,我现在从 X-Forwarded-For 获取代理服务器 ip
server {
...
location / {
include /etc/nginx/mime.types;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://app.server.com;
}
}
使用ngx_http_realip_module模块 - 它用于将客户端地址更改为在指定的header字段中发送的地址。
示例:
# Set the client remote address to the one sent in the X_FORWARDED_FOR header from trusted addresses.
set_real_ip_from 192.168.1.0/24;
set_real_ip_from 192.168.2.1;
set_real_ip_from 2001:0db8::/32;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
来源:http://nginx.org/en/docs/http/ngx_http_realip_module.html
我想你还是想知道真实客户端的IP地址,以及代理服务器的IP地址。
代理服务器
添加自定义header; REVERSE-VIA 包括代理服务器的地址。这允许应用程序服务器读取 REVERSE-VIA header 的 IP 地址。
server {
listen 1000;
server_name my.proxy.com;
charset utf-8;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REVERSE-VIA $server_addr;
}
}
应用服务器
server {
...
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
# rewrite api
rewrite ^/api/(.*)$ /route.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
我有两台服务器,一台是应用服务器,一台是反向代理。
用户 -> 代理服务器 -> 应用服务器
当用户来自代理服务器时,我会检查 ip,如果 ip 来自代理服务器,则用户会自动登录。
代理服务器配置
server {
...
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
}
}
应用服务器配置
server {
...
# rewrite request
rewrite ^/request/(.*)$ /request.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
基本上,所有对代理的请求都传递给应用服务器。假设我的应用服务器ip是5.6.7.8,代理ip是1.2.3.4。当我在chrome中打开代理服务器时,chrome调试工具在Header的General部分的Remote Address(1.2.3.4)中显示代理IP地址。但是,当我尝试从 $_SERVER['REMOTE_ADDR'] 访问 ip 时,它给出了应用服务器本身的 ip 地址(5.6.7.8)。
我已经尝试过这些配置,但远程地址仍然显示应用服务器的 ip 和真实客户端 ip 的 X-Forwarded-For,这不是我想要的。
proxy_set_header HOST $host; <- this makes proxy server always responds with 404
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
如何从$_SERVER['REMOTE_ADDR']或其他字段获取代理ip?
我预建的nginx没有这个模块,所以我自己建了一个。
nginx version: nginx/1.4.7
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
TLS SNI support enabled
configure arguments: --prefix=/usr/local --sbin-path=/usr/local/sbin --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_sub_module
现在代理服务器配置看起来像
server {
...
location / {
include /etc/nginx/mime.types;
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
proxy_pass http://app.server.com;
}
}
但问题依旧,应用服务器仍然有自己的IP地址。
在应用服务器上测试 real_ip_header 配置
应用服务器配置
sever {
...
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
# rewrite api
rewrite ^/api/(.*)$ /route.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
代理服务器配置
server {
listen 1000;
server_name my.proxy.com;
charset utf-8;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
}
}
问题依旧。
我的代理配置最终是这样的,我现在从 X-Forwarded-For 获取代理服务器 ip
server {
...
location / {
include /etc/nginx/mime.types;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://app.server.com;
}
}
使用ngx_http_realip_module模块 - 它用于将客户端地址更改为在指定的header字段中发送的地址。
示例:
# Set the client remote address to the one sent in the X_FORWARDED_FOR header from trusted addresses.
set_real_ip_from 192.168.1.0/24;
set_real_ip_from 192.168.2.1;
set_real_ip_from 2001:0db8::/32;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
来源:http://nginx.org/en/docs/http/ngx_http_realip_module.html
我想你还是想知道真实客户端的IP地址,以及代理服务器的IP地址。
代理服务器
添加自定义header; REVERSE-VIA 包括代理服务器的地址。这允许应用程序服务器读取 REVERSE-VIA header 的 IP 地址。
server {
listen 1000;
server_name my.proxy.com;
charset utf-8;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REVERSE-VIA $server_addr;
}
}
应用服务器
server {
...
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
# rewrite api
rewrite ^/api/(.*)$ /route.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}