Project

General

Profile

Feature #857

Displaying Remote IP Address for Reverse Proxied Nginx Sites

Added by Daniel Curtis about 8 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Daniel Curtis
Category:
Web Server
Target version:
Website Hosting - Nginx
Start date:
10/11/2016
Due date:
% Done:

100%

Estimated time:
0.50 h
Spent time:
0.50 h

Description

One of my websites is reverse proxied through nginx to another nginx server. However when I check the log files on the nginx web server behind the reverse proxy, the connections show that they are coming from the proxy servers IP address and not the real remote hosts IP address.

Configure Reverse Proxy Frontend

  • Edit the reverse proxy nginx config:
    vi /usr/local/etc/nginx.conf
    • And add the set the following proxied header variables:
      worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

  server {
    listen 80;
    server_name www.example.com;
    access_log  /var/log/nginx/www.example.com-access.log;
    error_log  /var/log/nginx/www.example.com-error.log;

    location / {
      proxy_pass http://www.example.com;
      proxy_set_header    Host            $host;
      proxy_set_header    X-Real-IP       $remote_addr;
      proxy_set_header    X-Forwarded-for $remote_addr;
    }

    location ~ \.php {
      proxy_pass https://www.example.com;
      proxy_set_header    Host            $host;
      proxy_set_header    X-Real-IP       $remote_addr;
      proxy_set_header    X-Forwarded-for $remote_addr;
    }
  }
}
  • Restart the nginx reverse proxy:
    service nginx restart

Configure Website Backend

  • Edit the reverse proxy nginx config:
    vi /usr/local/etc/nginx.conf
    • And add the set_real_ip_from variable to the reverse proxy IP address:
      worker_processes  1;

events {
  worker_connections  1024;
}

http {
  include       mime.types;
  default_type  application/octet-stream;
  sendfile        on;
  keepalive_timeout  65;

  upstream php-handler {
    server unix:/var/run/php-fpm.sock;
  }

  server {
    listen 80;
    server_name www.example.com;
    access_log  /var/log/nginx/www.example.com-access.log;
    error_log  /var/log/nginx/www.example.com-error.log;

    set_real_ip_from 192.168.7.52;

    index index.php;

    location / {
      try_files $uri $uri/ /index.php;
    }

    location ~ \.php(?:$|/) {
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      include fastcgi_params;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_param PATH_INFO $fastcgi_path_info;
      fastcgi_pass php-handler;
      fastcgi_intercept_errors on;
    }
  }
}
  • Restart nginx server:
    service nginx restart

Resources

Also available in: Atom PDF