在一台服务器上使用上游时如何获得真实的客户端 IP?
[英]How to get real client ip when using upstreams on one server?
问题描述
I have a vps running nginx, with ngx_stream_ssl_preread_module I have made SSL and Non-SSL protocols work on the same port.
我有一个运行 nginx 的 vps,使用 ngx_stream_ssl_preread_module 我让 SSL 和非 SSL 协议在同一个端口上工作。 When I checked the access.log, I found a lot of lines starting with 127.0.0.1.查了access.log,发现有很多127.0.0.1开头的行。 Obviously this is not a real client IP.显然,这不是真正的客户端 IP。
I tried to modify my nginx.conf, such as proxy_set_header, real_ip_header, set_real_ip_from 127.0.0.1, etc.,they have no effect.我尝试修改我的nginx.conf,比如proxy_set_header、real_ip_header、set_real_ip_from 127.0.0.1等,都没有效果。
This is my origianl stream configuration in nginx.conf.这是我在 nginx.conf 中的原始流配置。
stream {
server {
listen 443;
ssl_preread on;
proxy_pass $upstream;
}
map $ssl_preread_protocol $upstream {
default shadowsocks;
"TLSv1.1" https;
"TLSv1.2" https;
"TLSv1.3" https;
}
upstream shadowsocks {
server 127.0.0.1:7890;
}
upstream https {
server 127.0.0.1:8888;
}
}
1 个解决方案
解决方案1
1 2019-01-18 15:55:28
I would try setting the proxy headers as follows:我会尝试设置代理标头如下:
server {
listen 443 ssl default_server;
ssl_preread on;
proxy_redirect off;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_pass $upstream;
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.