I have the following nginx.conf, and in access.log I get the same IP in remote_addr for every request, which is my VM's IP.

    events{}
    # See below link for Creating NGINX Plus and NGINX Configuration Files
    # https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/
    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        # The identifier Backend is internal to nginx, and used to name this specific upstream
        upstream backend {
            # BACKEND_HOST is the internal DNS name used by the Backend Service inside the Kubernetes cluster
            # or in the services list of the docker-compose.
            server ${BACKEND_HOST}:${BACKEND_PORT};
        }
        server {
            listen ${NODE_PORT};
            root /usr/share/nginx/html;
            index index.html;
            location / {
                try_files $uri $uri/ /index.html;
            }
            location /api/ {
                resolver 127.0.0.11;
                # nginx will not crash if host is not found
                # The following statement will proxy traffic to the upstream
                proxy_pass http://backend;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }
    }

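However, I need to have the initial client IP in the remote_addr field. I know I can use the variable realip_remote_addr, but I want to ask whether there is any configuration that changes remote_addr. Is that possible?

Edit: As I searched for more information on this, I think it is important to mention that I run nginx with docker-compose as part of a frontend service. Maybe this has to do with Docker's networking.
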
Usually it is enough to add these two fields to the request headers:

    proxy_set_header x-real-ip $remote_addr;
    proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;

For more details, see the documentation for proxy_set_header.

In your case:

    server {
        listen ${NODE_PORT};
        root /usr/share/nginx/html;
        index index.html;
        location / {
            try_files $uri $uri/ /index.html;
        }
        location /api/ {
            resolver 127.0.0.11;
            # nginx will not crash if host is not found
            # The following statement will proxy traffic to the upstream
            proxy_pass http://backend;
            proxy_set_header Host $host;
            proxy_set_header x-real-ip $remote_addr;
            proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;
        }
    }

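We must understand the importance of the remote_addr field: it tells the application server where to respond, and if you overwrite this value, the server will not deliver the response to the network interface it came from. So, for this use case, where you want to log the real client IP, please refer to the snippet below, which may help: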

    events{}
    # See below link for Creating NGINX Plus and NGINX Configuration Files
    # https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/
    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        # log_format is only valid in the http context, so it is declared inside this block
        log_format logs_requested '$remote_addr - $remote_user [$time_local] "$request" '
                                  '$status $body_bytes_sent "$http_referer" '
                                  '"$http_user_agent" "$request_time" "$upstream_response_time" "$pipe" "$http_x_forwarded_for"';
        # The identifier Backend is internal to nginx, and used to name this specific upstream
        upstream backend {
            # BACKEND_HOST is the internal DNS name used by the Backend Service inside the Kubernetes cluster
            # or in the services list of the docker-compose.
            server ${BACKEND_HOST}:${BACKEND_PORT};
        }
        server {
            listen ${NODE_PORT};
            access_log /var/log/nginx/access_logs.log logs_requested;
            root /usr/share/nginx/html;
            index index.html;
            location / {
                try_files $uri $uri/ /index.html;
            }
            location /api/ {
                resolver 127.0.0.11;
                # nginx will not crash if host is not found
                # The following statement will proxy traffic to the upstream
                proxy_pass http://backend;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }
    }

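In the snippet above, logs_requested is a log_format defined according to your own requirements. The client IP information can be seen in the http_x_forwarded_for variable, and the line access_log /var/log/nginx/access_logs.log logs_requested is included in the server block to log requests in this logs_requested format.

See the Nginx documentation for how to set the required format for the access log: https://docs.nginx.com/nginx/admin-guide/monitoring/logging/#access_log

More information: https://docs.splunk.com/Documentation/AddOns/released/NGINX/Setupv2

For full details on the topic.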
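
The correct way is to set up real IP resolution at the server level.

The benefit of doing so is that the whole stack works naturally without modifying the whole stack. Also, if you make modifications to the stack, everything will keep working without needing to be set up again.

In addition, using such a real-ip module adds trust security.

As the Cloudflare documentation states, the old Cloudflare module is deprecated, and you have to use the dedicated modules specific to Apache and Nginx.

https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/ 🔥 A good read.

My answer here shows a complete example and explains the details; it is long and detailed:

🔥🔥 https://stackoverflow.com/a/76845593/7668448 🔥🔥
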
Credits:
the $remote_addr variable
the $proxy_add_x_forwarded_for variable
the mod_remoteip module
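
The answers above log or forward X-Forwarded-For, and the last one points to a real-ip module for trust. The following added Python sketch (not code from any answer and not nginx's own implementation) shows the trust decision involved: a header entry is accepted only when the party that reported it is a known proxy. The function names, addresses and the trusted CIDR range are constructed for illustration.

```python
import ipaddress

# Constructed sample: the client sent a forged "198.51.100.66" header value,
# and a trusted proxy appended the address it really saw (203.0.113.7),
# which is what $proxy_add_x_forwarded_for does.
SAMPLE_XFF = "198.51.100.66, 203.0.113.7"
TRUSTED = ["172.18.0.0/16"]  # assumed range of the proxy in front of nginx


def naive_leftmost(xff_header):
    """What a log reader gets by trusting the first X-Forwarded-For entry."""
    return xff_header.split(",")[0].strip()


def resolve_client_ip(peer_addr, xff_header, trusted_proxies):
    """Walk X-Forwarded-For right to left, accepting a hop only when the
    address that reported it is inside trusted_proxies (CIDR strings)."""
    nets = [ipaddress.ip_network(cidr) for cidr in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in nets)

    client = ipaddress.ip_address(peer_addr)  # the TCP peer, always known
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_trusted(client):
            break  # reported by an untrusted party: ignore the rest
        try:
            client = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last verified address
    return str(client)


if __name__ == "__main__":
    print("leftmost entry :", naive_leftmost(SAMPLE_XFF))
    print("trusted walk   :", resolve_client_ip("172.18.0.1", SAMPLE_XFF, TRUSTED))
```

The leftmost entry is whatever the client chose to send, so a log line built from the raw header can show a forged address, while the right-to-left walk stops at the first address that no trusted proxy vouches for.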