请教公网出入口不同的NAT VPS,Nginx如何获取到真实访客IP
2024/06/09 20:05:37
求大佬们指点,{:3_49:}
买了个鸡仔云,打算穿透家里的小鸡出来做后端。
已经用frp穿透到28000端口,
已知入口IP为:1.2.3.4
通过curl 测试IP得值:4.3.2.1
应该是出入口IP不同?
通过指定hosts访问测试站点,但查看日志,获取到的IP全都是4.3.2.1
如果启用"proxy_protocol"则浏览器无法访问,就注释了。
{:2_32:}
openresty即nginx加功能版,http配置里设置了
server配置如下
反代的location如下
买了个鸡仔云,打算穿透家里的小鸡出来做后端。
已经用frp穿透到28000端口,
已知入口IP为:1.2.3.4
通过curl 测试IP得值:4.3.2.1
应该是出入口IP不同?
通过指定hosts访问测试站点,但查看日志,获取到的IP全都是4.3.2.1
如果启用"proxy_protocol"则浏览器无法访问,就注释了。
{:2_32:}
openresty即nginx加功能版,http配置里设置了
- set_real_ip_from 0.0.0.0/0; real_ip_header X-Forwarded-For;
server配置如下
- server { listen 80 ; listen 443 ssl http2 ; # 启用代理协议 #listen 80 proxy_protocol ; #listen 443 ssl http2 proxy_protocol ; server_name cq.abc.local; index index.php index.html index.htm default.php default.htm default.html; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Real-IP $remote_addr; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # 配置用于获取真实客户端IP的头信息 #real_ip_header proxy_protocol; real_ip_recursive on; # access_log /www/sites/cq.abc.local/log/access.log; error_log /www/sites/cq.abc.local/log/error.log; location ^~ /.well-known/acme-challenge { allow all; root /usr/share/nginx/html; } root /www/sites/cq.abc.local/index; if ($scheme = http) { return 301 https://$host$request_uri; } ssl_certificate /www/sites/cq.abc.local/ssl/fullchain.pem; ssl_certificate_key /www/sites/cq.abc.local/ssl/privkey.pem; ssl_protocols TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; add_header Strict-Transport-Security "max-age=31536000"; error_page 497 https://$host$request_uri; proxy_set_header X-Forwarded-Proto https; ssl_stapling on; ssl_stapling_verify on; include /www/sites/cq.abc.local/proxy/*.conf; }
反代的location如下
- location ^~ / { proxy_pass https://127.0.0.1:28000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; add_header X-Cache $upstream_cache_status; add_header Strict-Transport-Security "max-age=31536000"; add_header Cache-Control no-cache; # 禁用缓存 proxy_cache off; # Disable buffering when the nginx proxy gets very resource heavy upon streaming proxy_buffering off; }