nginx服务器看到自己的ip,而不是反向代理ip
我有两台服务器,一台是应用服务器,另一台是反向代理 用户->代理服务器->应用服务器 当用户来自代理服务器时,我将检查ip,如果ip来自代理服务器,则用户将自动登录 代理服务器配置nginx服务器看到自己的ip,而不是反向代理ip,nginx,reverse-proxy,Nginx,Reverse Proxy,我有两台服务器,一台是应用服务器,另一台是反向代理 用户->代理服务器->应用服务器 当用户来自代理服务器时,我将检查ip,如果ip来自代理服务器,则用户将自动登录 代理服务器配置 server { ... location / { include /etc/nginx/mime.types; proxy_pass http://app.server.com; } } server { ... # rewrite
server {
...
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
}
}
server {
...
# rewrite request
rewrite ^/request/(.*)$ /request.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=$1;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
sever {
...
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
# rewrite api
rewrite ^/api/(.*)$ /route.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=$1;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
server {
listen 1000;
server_name my.proxy.com;
charset utf-8;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
}
}
应用程序服务器配置
server {
...
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
}
}
server {
...
# rewrite request
rewrite ^/request/(.*)$ /request.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=$1;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
sever {
...
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
# rewrite api
rewrite ^/api/(.*)$ /route.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=$1;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
server {
listen 1000;
server_name my.proxy.com;
charset utf-8;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
}
}
基本上,所有对代理的请求都会传递到应用服务器。假设我的应用服务器ip为5.6.7.8,代理ip为1.2.3.4。当我在chrome中打开代理服务器时,chrome调试工具会在标头的常规部分的远程地址(1.2.3.4)中显示代理ip地址。但是,当我尝试从$_SERVER['REMOTE_ADDR']访问ip时,它给出了app SERVER本身的ip地址(5.6.7.8)
我已经尝试了这些配置,但是远程地址仍然显示了应用服务器的ip和真正的客户端ip的X-Forwarded-For,这不是我想要的
proxy_set_header HOST $host; <- this makes proxy server always responds with 404
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
现在,代理服务器配置如下所示
server {
...
location / {
include /etc/nginx/mime.types;
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
proxy_pass http://app.server.com;
}
}
但问题仍然存在,应用服务器仍然有自己的ip地址
在app server上测试真实的ip头配置 应用程序服务器配置
server {
...
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
}
}
server {
...
# rewrite request
rewrite ^/request/(.*)$ /request.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=$1;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
sever {
...
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
# rewrite api
rewrite ^/api/(.*)$ /route.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=$1;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
server {
listen 1000;
server_name my.proxy.com;
charset utf-8;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
}
}
代理服务器配置
server {
...
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
}
}
server {
...
# rewrite request
rewrite ^/request/(.*)$ /request.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=$1;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
sever {
...
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
# rewrite api
rewrite ^/api/(.*)$ /route.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=$1;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
server {
listen 1000;
server_name my.proxy.com;
charset utf-8;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
}
}
问题仍然存在
我的代理配置结果是这样的,现在我从X-Forwarded-For获取代理服务器ip
server {
...
location / {
include /etc/nginx/mime.types;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://app.server.com;
}
}
使用
ngx\u http\u realip\u模块
模块-用于将客户端地址更改为在指定的头字段中发送的地址
例如:
# Set the client remote address to the one sent in the X_FORWARDED_FOR header from trusted addresses.
set_real_ip_from 192.168.1.0/24;
set_real_ip_from 192.168.2.1;
set_real_ip_from 2001:0db8::/32;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
资料来源:
我假设您仍然想知道真实客户端的IP地址,以及代理服务器的IP地址 代理服务器 添加自定义标题<代码>反向-通过包括代理服务器的地址。这允许应用服务器通过头读取IP地址的
反向
server {
listen 1000;
server_name my.proxy.com;
charset utf-8;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location / {
include /etc/nginx/mime.types;
proxy_pass http://app.server.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REVERSE-VIA $server_addr;
}
}
应用服务器
server {
...
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
# rewrite api
rewrite ^/api/(.*)$ /route.php?uri=$uri last;
location @rewrite {
rewrite ^(.+)$ /index.php?_url=$1;
}
location ~ \.php$ {
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
include fastcgi_params;
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
我试过了,但还是得到了相同的应用服务器ip。我的配置有什么问题吗?我真的很感谢你能提供的任何帮助。你有“重新加载/重新启动”吗?嗯,我有。。。不管怎样,万一我真是个笨蛋,我就再做一次。不,仍不工作。请将真实的\u ip\u标头移动到app server。重新加载两个nginx。不过,运气不好。谢谢你更新配置。在本例中,我确实看到了X-Forwarded-For
,但它提供了真正的客户端ip
,而不是代理服务器ip
,对于远程地址
也是如此。