
[Web] Recording the original client IP address on front-end and back-end nginx servers

Posted on 11/3/2014 9:53:23 AM

This module allows us to replace the client IP address with the value carried in a client request header (e.g., X-Real-IP or X-Forwarded-For).

This feature is very useful when Nginx works behind Layer 7 load-balancing proxies. When a request passes through the Layer 7 proxy, the address the request came from (that is, the client's address) is added to the client IP address header, so the backend Nginx can obtain the client's IP address. The module is not installed by default, so to use it you need to add the --with-http_realip_module option when compiling and installing.

The reason for using this module is that it allows the backend server to record the IP address of the original client.

Configuration example
set_real_ip_from   192.168.1.0/24;
set_real_ip_from   192.168.2.1;
real_ip_header     X-Real-IP;


Directives

The module provides only two directives.

Directive name: set_real_ip_from

Function: This directive specifies the trusted addresses; for requests arriving from them, the address is replaced with the exact client IP address. Trusted Unix sockets can also be used from version 0.8.22 onwards. The IP set here is the IP address of the frontend Nginx, Varnish, or Squid.

Syntax: set_real_ip_from [address | CIDR | "unix:"]

Default value: none

Usage environment: http, server, location

Directive name: real_ip_header

Function: This directive sets which header supplies the replacement IP address. If X-Forwarded-For is used, the module replaces the IP address of the front-end proxy with the last IP address in the X-Forwarded-For header.

Syntax: real_ip_header [X-Real-IP | X-Forwarded-For]

Default Value: real_ip_header X-Real-IP

Usage environment: http, server, location
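
The trust decision described by the two directives, as a small Python model (an added example, not code from the article or from nginx). The function name, the `recursive` flag (modelling nginx's `real_ip_recursive`, which the article does not cover) and the sample requests are assumptions constructed for illustration; the trusted list is the one from the configuration example above.

```python
import ipaddress

# Trusted proxies, taken from the article's configuration example.
TRUSTED = ["192.168.1.0/24", "192.168.2.1"]

def resolve_client_ip(peer, headers, trusted=TRUSTED,
                      header="X-Real-IP", recursive=False):
    """Simplified model of which address the backend ends up logging.

    peer      -- source address of the TCP connection
    header    -- the real_ip_header setting
    recursive -- models nginx's real_ip_recursive (not covered in the article)
    """
    nets = [ipaddress.ip_network(t, strict=False) for t in trusted]

    def is_trusted(addr):
        return any(ipaddress.ip_address(addr) in n for n in nets)

    # The header is honoured only when the peer matches set_real_ip_from.
    if not is_trusted(peer):
        return peer
    parts = [p.strip() for p in headers.get(header, "").split(",") if p.strip()]
    try:
        for p in parts:
            ipaddress.ip_address(p)
    except ValueError:
        return peer          # malformed value: keep the connection address
    if not parts:
        return peer
    if not recursive:
        return parts[-1]     # last address in the header
    for p in reversed(parts):  # skip trusted hops from the right
        if not is_trusted(p):
            return p
    return parts[0]

# Constructed sample requests: (peer, headers, real_ip_header)
SAMPLES = [
    ("192.168.2.1", {"X-Real-IP": "218.239.201.36"}, "X-Real-IP"),
    ("203.0.113.50", {"X-Real-IP": "10.0.0.1"}, "X-Real-IP"),
    ("192.168.1.7", {"X-Forwarded-For": "198.51.100.9, 218.239.201.36"},
     "X-Forwarded-For"),
]

if __name__ == "__main__":
    for peer, hdrs, name in SAMPLES:
        print(peer, "->", resolve_client_ip(peer, hdrs, header=name))
```

The second sample keeps its connection address because 203.0.113.50 is not listed in set_real_ip_from, so a header sent directly by an untrusted host never reaches the backend log.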

Use Cases   

In the following example, the environment consists of two Nginx servers and one client. The frontend Nginx acts as a proxy and the backend Nginx serves the pages. The IP addresses are as follows:

  

    Frontend Nginx: 192.168.7.10

    Backend Nginx: 192.168.1.15

    Client host: 218.239.201.36

    The Nginx configuration on the frontend looks like this:

server {
  listen       80;
  server_name  www.xx.com;

  location / {
    root     html;
    index    index.html index.htm;
    charset  utf-8;
  }

  location /865 {
    proxy_pass        http://192.168.3.139:80/;
    proxy_set_header  X-Real-IP        $remote_addr;
    proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header  Host             $host;
    proxy_redirect    off;
  }

  ……
}

The Nginx configuration for the backend is as follows:

server {
  listen       80;
  server_name  localhost;

  location / {
    root   /var/www/html;
    index  index.html index.htm;
  }
}

Access test

If we access http://www.xx.com/865, the request succeeds normally, and the access logs are as follows:

Logs from frontend Nginx:

218.239.201.36 - - [30/Aug/2011:16:09:56 +0800] "GET /865/ HTTP/1.1" 200 151 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 GTB7.1"

Logs from backend Nginx:

192.168.7.10 - - [30/Aug/2011:16:09:56 +0800] "GET // HTTP/1.0" 200 151 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 GTB7.1"

We see that the backend Nginx logs do not record the IP address of the original client, but the IP address of the frontend Nginx.

If you modify the configuration of the backend Nginx server to:

server {
  listen       80;
  server_name  localhost;
  set_real_ip_from   192.168.3.0/24;
  set_real_ip_from   100.100.0.0/16;
  real_ip_header     X-Real-IP;

  location / {
    root   html;
    index  index.html index.htm;
  }

    ……
}

Then we do the access test again:

    Logs from frontend Nginx:

218.239.201.36 - - [30/Aug/2011:16:10:28 +0800] "GET /865/ HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 GTB7.1"

     Logs from backend Nginx:

218.239.201.36 - - [30/Aug/2011:16:10:28 +0800] "GET // HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 GTB7.1"

This time the backend records the IP address of the client.






