Laravel:通过Docker获得负载平衡AWS Elastic Beanstalk背后的正确IP
我的Laravel6.x设置由一个Docker组成,它运行在一个弹性Beanstalk中,使用负载平衡器后面的NGinx代理 通过这种设置,我很难获得正确的IP地址,这会影响Throttle中间件,因为IP Laravel从主机或负载平衡器获取 因此,每个用户都与每个人就油门的限制达成一致 有没有办法解决这个问题 这是$\u服务器的副本。在本例中,正确的IP是HTTP_X_FORWARDED_中的第一个IP。此场景的正确IP为Laravel:通过Docker获得负载平衡AWS Elastic Beanstalk背后的正确IP,laravel,docker,amazon-elastic-beanstalk,laravel-6,Laravel,Docker,Amazon Elastic Beanstalk,Laravel 6,我的Laravel6.x设置由一个Docker组成,它运行在一个弹性Beanstalk中,使用负载平衡器后面的NGinx代理 通过这种设置,我很难获得正确的IP地址,这会影响Throttle中间件,因为IP Laravel从主机或负载平衡器获取 因此,每个用户都与每个人就油门的限制达成一致 有没有办法解决这个问题 这是$\u服务器的副本。在本例中,正确的IP是HTTP_X_FORWARDED_中的第一个IP。此场景的正确IP为188.67.242.77 Array ( ... [
188.67.242.77
Array
(
...
[HTTP_X_REAL_IP] => 172.31.28.165
[HTTP_X_FORWARDED_FOR] => 188.67.242.77, 172.31.28.165
[HTTP_X_FORWARDED_PROTO] => https
[HTTP_X_FORWARDED_PORT] => 443
...
[SERVER_SOFTWARE] => Apache/2.4.38 (Debian)
[SERVER_NAME] => {MASKED}
[SERVER_ADDR] => 172.17.0.3
[SERVER_PORT] => 80
[REMOTE_ADDR] => 172.17.0.1
...
[REMOTE_PORT] => 47334
...
[SCRIPT_NAME] => /index.php
[PHP_SELF] => /index.php
[REQUEST_TIME_FLOAT] => 1584032941.764
[REQUEST_TIME] => 1584032941
)
测试了在TrustProxies.php中改变我所能想象的一切受保护的$headers
设置为请求::HEADER\u X\u转发到AWS\u ELB
,请求::HEADER\u X\u转发到所有
,请求::HEADER\u X\u转发给
,以及受保护的$proxy
到*
和**
。混合和匹配的可能性。无益。我得到了172.17.0.1(主机ip)或172.31.28.165(负载平衡器ip)
有什么想法吗
事先非常感谢
==3月17日更新===
AWS代理nginx文件
map $http_upgrade $connection_upgrade {
default "upgrade";
"" "";
}
server {
listen 80;
gzip on;
gzip_comp_level 4;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
set $year $1;
set $month $2;
set $day $3;
set $hour $4;
}
access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
access_log /var/log/nginx/access.log;
location / {
proxy_pass http://docker;
proxy_http_version 1.1;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
==3月18日更新===
Docker中的apache vhost文件
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot ${APACHE_DOCUMENT_ROOT}
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
#ServerName指令设置请求方案、主机名和端口
#服务器使用来标识自身。这在创建时使用
#重定向URL。在虚拟主机的上下文中,服务器名
#指定必须在请求的主机:标头中显示的主机名
#匹配此虚拟主机。对于默认虚拟主机(此文件),此
#该值不是决定性的,因为它被用作最后的宿主。
#但是,必须为任何其他虚拟主机显式设置它。
#服务器名www.example.com
服务器管理员webmaster@localhost
DocumentRoot${APACHE_DOCUMENT_ROOT}
#可用日志级别:trace8、…、trace1、调试、信息、通知、警告、,
#错误、暴击、警报、紧急情况。
#还可以为特定应用程序配置日志级别
#模块,例如。
#日志级别信息ssl:警告
ErrorLog${APACHE_LOG_DIR}/error.LOG
CustomLog${APACHE\u LOG\u DIR}/access.LOG组合
#对于conf/available/中的大多数配置文件
#在全局级别启用或禁用,可以
#仅包含一个特定虚拟主机的行。例如
#以下行仅为此主机启用CGI配置
#在使用“A2F”全局禁用后。
#包括conf available/service-cgi-bin.conf
如果您的Laravel实例在Docker容器中运行,并且由nginx提供服务,那么您可以在Docker的nginx虚拟主机配置中使用HTTP\u X\u REAL\u IP
覆盖远程地址
server {
listen 80;
index index.php index.html;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/public_html;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass app:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# Override the load balancer IP with real IP.
fastcgi_param REMOTE_ADDR $http_x_real_ip;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
}
如果您的Laravel实例在Docker容器中运行,并且由nginx提供服务,则可以使用Docker的nginx虚拟主机配置中的HTTP\u X\u REAL\u IP
覆盖REMOTE\u ADDR
server {
listen 80;
index index.php index.html;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/public_html;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass app:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# Override the load balancer IP with real IP.
fastcgi_param REMOTE_ADDR $http_x_real_ip;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
}
这太棒了@mllnd。非常感谢你。下星期我要试一试,不行。我用默认的AWS NGINX配置更新了线程$http_x_real_ip在此上下文中似乎是空的。@AndréGumieri您是否也可以在Docker实例中共享您的nginx vhost?那个真正为Laravel服务的。对不起,我没说清楚,但Docker内部实际上运行的是Apache。vhost文件在线程中更新。谢谢你的帮助help@AndréGumieri在这种情况下,我相信这篇文章可能会对你有所帮助-这真是太棒了@mllnd。非常感谢你。下星期我要试一试,不行。我用默认的AWS NGINX配置更新了线程$http_x_real_ip在此上下文中似乎是空的。@AndréGumieri您是否也可以在Docker实例中共享您的nginx vhost?那个真正为Laravel服务的。对不起,我没说清楚,但Docker内部实际上运行的是Apache。vhost文件在线程中更新。谢谢你的帮助help@Andr在这种情况下,我相信这篇文章可能会对你有所帮助-