TechQA.

How to get real client ip when using upstreams on one server?

458 views Asked by At

I have a vps running nginx, with ngx_stream_ssl_preread_module I have made SSL and Non-SSL protocols work on the same port. When I checked the access.log, I found a lot of lines starting with 127.0.0.1. Obviously this is not a real client IP.

I tried to modify my nginx.conf, such as proxy_set_header, real_ip_header, set_real_ip_from 127.0.0.1, etc.,they have no effect.

This is my origianl stream configuration in nginx.conf.

stream {
    server {
    listen 443;
    ssl_preread on;
        proxy_pass $upstream;
    }

    map $ssl_preread_protocol $upstream {
    default shadowsocks;
    "TLSv1.1" https;
    "TLSv1.2" https;
    "TLSv1.3" https;
    }

    upstream shadowsocks {
        server 127.0.0.1:7890;
    }

    upstream https {
        server 127.0.0.1:8888;
    }
}
nginx
Original Q&A
1

There are 1 answers

2
gkivanov On

I would try setting the proxy headers as follows:

server {
    listen 443 ssl default_server;
    ssl_preread on;

    proxy_redirect off;

    location / {
        proxy_set_header  Host $host;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-Proto https;
        proxy_set_header  X-Forwarded-For $remote_addr;
        proxy_set_header  X-Forwarded-Host $remote_addr;
        proxy_pass $upstream;
    }
}

Related Questions in NGINX

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions