nginx服务器看到自己的ip，而不是反向代理ip

我有两台服务器，一台是应用服务器，另一台是反向代理

用户->代理服务器->应用服务器

当用户来自代理服务器时，我将检查ip，如果ip来自代理服务器，则用户将自动登录

代理服务器配置

server {
    ...
    location / { 
        include  /etc/nginx/mime.types;
        proxy_pass http://app.server.com;
    }   
}

server {
    ...
    # rewrite request
    rewrite ^/request/(.*)$ /request.php?uri=$uri last;

    location @rewrite {
        rewrite ^(.+)$ /index.php?_url=$1;
    }

    location ~ \.php$ {
        fastcgi_buffer_size        128k;
        fastcgi_buffers            256 16k;
        fastcgi_busy_buffers_size  256k;

        include fastcgi_params;
        fastcgi_pass    backend;
        fastcgi_index   index.php;
        fastcgi_split_path_info       ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

sever {
    ...
    set_real_ip_from 0.0.0.0/0;
    real_ip_header    X-Forwarded-For;
    real_ip_recursive on; 

    # rewrite api 
    rewrite ^/api/(.*)$ /route.php?uri=$uri last;

    location @rewrite {

        rewrite ^(.+)$ /index.php?_url=$1;
    }   

    location ~ \.php$ {
        fastcgi_buffer_size        128k;
        fastcgi_buffers            256 16k;
        fastcgi_busy_buffers_size  256k;

        include fastcgi_params;
        fastcgi_pass    backend;
        fastcgi_index   index.php;
        fastcgi_split_path_info       ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    } 
}

server {
    listen       1000;
    server_name  my.proxy.com;

    charset      utf-8;

    proxy_buffer_size   128k;
    proxy_buffers   4 256k;
    proxy_busy_buffers_size   256k;

    location / {
        include  /etc/nginx/mime.types;
        proxy_pass http://app.server.com;
    }
}

应用程序服务器配置

server {
    ...
    location / { 
        include  /etc/nginx/mime.types;
        proxy_pass http://app.server.com;
    }   
}

server {
    ...
    # rewrite request
    rewrite ^/request/(.*)$ /request.php?uri=$uri last;

    location @rewrite {
        rewrite ^(.+)$ /index.php?_url=$1;
    }

    location ~ \.php$ {
        fastcgi_buffer_size        128k;
        fastcgi_buffers            256 16k;
        fastcgi_busy_buffers_size  256k;

        include fastcgi_params;
        fastcgi_pass    backend;
        fastcgi_index   index.php;
        fastcgi_split_path_info       ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

sever {
    ...
    set_real_ip_from 0.0.0.0/0;
    real_ip_header    X-Forwarded-For;
    real_ip_recursive on; 

    # rewrite api 
    rewrite ^/api/(.*)$ /route.php?uri=$uri last;

    location @rewrite {

        rewrite ^(.+)$ /index.php?_url=$1;
    }   

    location ~ \.php$ {
        fastcgi_buffer_size        128k;
        fastcgi_buffers            256 16k;
        fastcgi_busy_buffers_size  256k;

        include fastcgi_params;
        fastcgi_pass    backend;
        fastcgi_index   index.php;
        fastcgi_split_path_info       ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    } 
}

server {
    listen       1000;
    server_name  my.proxy.com;

    charset      utf-8;

    proxy_buffer_size   128k;
    proxy_buffers   4 256k;
    proxy_busy_buffers_size   256k;

    location / {
        include  /etc/nginx/mime.types;
        proxy_pass http://app.server.com;
    }
}

基本上，所有对代理的请求都会传递到应用服务器。假设我的应用服务器ip为5.6.7.8，代理ip为1.2.3.4。当我在chrome中打开代理服务器时，chrome调试工具会在标头的常规部分的远程地址（1.2.3.4）中显示代理ip地址。但是，当我尝试从$_SERVER['REMOTE_ADDR']访问ip时，它给出了app SERVER本身的ip地址（5.6.7.8）

我已经尝试了这些配置，但是远程地址仍然显示了应用服务器的ip和真正的客户端ip的X-Forwarded-For，这不是我想要的

proxy_set_header HOST $host; <- this makes proxy server always responds with 404
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

现在，代理服务器配置如下所示

server {
    ...
    location / { 
        include  /etc/nginx/mime.types;
        set_real_ip_from 0.0.0.0/0;
        real_ip_header    X-Forwarded-For;
        real_ip_recursive on; 
        proxy_pass http://app.server.com;
    }   
}

但问题仍然存在，应用服务器仍然有自己的ip地址

---

在app server上测试真实的ip头配置

应用程序服务器配置

server {
    ...
    location / { 
        include  /etc/nginx/mime.types;
        proxy_pass http://app.server.com;
    }   
}

server {
    ...
    # rewrite request
    rewrite ^/request/(.*)$ /request.php?uri=$uri last;

    location @rewrite {
        rewrite ^(.+)$ /index.php?_url=$1;
    }

    location ~ \.php$ {
        fastcgi_buffer_size        128k;
        fastcgi_buffers            256 16k;
        fastcgi_busy_buffers_size  256k;

        include fastcgi_params;
        fastcgi_pass    backend;
        fastcgi_index   index.php;
        fastcgi_split_path_info       ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

sever {
    ...
    set_real_ip_from 0.0.0.0/0;
    real_ip_header    X-Forwarded-For;
    real_ip_recursive on; 

    # rewrite api 
    rewrite ^/api/(.*)$ /route.php?uri=$uri last;

    location @rewrite {

        rewrite ^(.+)$ /index.php?_url=$1;
    }   

    location ~ \.php$ {
        fastcgi_buffer_size        128k;
        fastcgi_buffers            256 16k;
        fastcgi_busy_buffers_size  256k;

        include fastcgi_params;
        fastcgi_pass    backend;
        fastcgi_index   index.php;
        fastcgi_split_path_info       ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    } 
}

server {
    listen       1000;
    server_name  my.proxy.com;

    charset      utf-8;

    proxy_buffer_size   128k;
    proxy_buffers   4 256k;
    proxy_busy_buffers_size   256k;

    location / {
        include  /etc/nginx/mime.types;
        proxy_pass http://app.server.com;
    }
}

代理服务器配置

server {
    ...
    location / { 
        include  /etc/nginx/mime.types;
        proxy_pass http://app.server.com;
    }   
}

server {
    ...
    # rewrite request
    rewrite ^/request/(.*)$ /request.php?uri=$uri last;

    location @rewrite {
        rewrite ^(.+)$ /index.php?_url=$1;
    }

    location ~ \.php$ {
        fastcgi_buffer_size        128k;
        fastcgi_buffers            256 16k;
        fastcgi_busy_buffers_size  256k;

        include fastcgi_params;
        fastcgi_pass    backend;
        fastcgi_index   index.php;
        fastcgi_split_path_info       ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

sever {
    ...
    set_real_ip_from 0.0.0.0/0;
    real_ip_header    X-Forwarded-For;
    real_ip_recursive on; 

    # rewrite api 
    rewrite ^/api/(.*)$ /route.php?uri=$uri last;

    location @rewrite {

        rewrite ^(.+)$ /index.php?_url=$1;
    }   

    location ~ \.php$ {
        fastcgi_buffer_size        128k;
        fastcgi_buffers            256 16k;
        fastcgi_busy_buffers_size  256k;

        include fastcgi_params;
        fastcgi_pass    backend;
        fastcgi_index   index.php;
        fastcgi_split_path_info       ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    } 
}

server {
    listen       1000;
    server_name  my.proxy.com;

    charset      utf-8;

    proxy_buffer_size   128k;
    proxy_buffers   4 256k;
    proxy_busy_buffers_size   256k;

    location / {
        include  /etc/nginx/mime.types;
        proxy_pass http://app.server.com;
    }
}

问题仍然存在

---

我的代理配置结果是这样的，现在我从X-Forwarded-For获取代理服务器ip

server {
    ...
    location / {
        include  /etc/nginx/mime.types;
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_pass http://app.server.com;
    }                                                                                                                                                                                                         
}

---

使用

ngx\u http\u realip\u模块

模块-用于将客户端地址更改为在指定的头字段中发送的地址

例如：

# Set the client remote address to the one sent in the X_FORWARDED_FOR header from trusted addresses.
set_real_ip_from  192.168.1.0/24;
set_real_ip_from  192.168.2.1;
set_real_ip_from  2001:0db8::/32;
real_ip_header    X-Forwarded-For;
real_ip_recursive on;

资料来源：

---

我假设您仍然想知道真实客户端的IP地址，以及代理服务器的IP地址

代理服务器

添加自定义标题<代码>反向-通过包括代理服务器的地址。这允许应用服务器通过头读取IP地址的

反向

server {
    listen       1000;
    server_name  my.proxy.com;

    charset      utf-8;

    proxy_buffer_size   128k;
    proxy_buffers   4 256k;
    proxy_busy_buffers_size   256k;

    location / {
        include  /etc/nginx/mime.types;
        proxy_pass http://app.server.com;
        proxy_set_header  X-Real-IP         $remote_addr;
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header  REVERSE-VIA       $server_addr;
    }
}

应用服务器

server {
    ...
    set_real_ip_from 0.0.0.0/0;
    real_ip_header    X-Forwarded-For;
    real_ip_recursive on; 

    # rewrite api 
    rewrite ^/api/(.*)$ /route.php?uri=$uri last;

    location @rewrite {

        rewrite ^(.+)$ /index.php?_url=$1;
    }   

    location ~ \.php$ {
        fastcgi_buffer_size        128k;
        fastcgi_buffers            256 16k;
        fastcgi_busy_buffers_size  256k;

        include fastcgi_params;
        fastcgi_pass    backend;
        fastcgi_index   index.php;
        fastcgi_split_path_info       ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    } 
}

我试过了，但还是得到了相同的应用服务器ip。我的配置有什么问题吗？我真的很感谢你能提供的任何帮助。你有“重新加载/重新启动”吗？嗯，我有。。。不管怎样，万一我真是个笨蛋，我就再做一次。不，仍不工作。请将真实的\u ip\u标头移动到app server。重新加载两个nginx。不过，运气不好。谢谢你更新配置。在本例中，我确实看到了
X-Forwarded-For
，但它提供了
真正的客户端ip
，而不是
代理服务器ip
，对于
远程地址
也是如此。