nginx and thttpd + cgi, remote_addr = 127.0.0.1
francis at daoine.org
Wed Oct 26 13:02:58 UTC 2011
On Wed, Oct 26, 2011 at 02:17:37AM +0400, Кирюшкин Владимир wrote:
> 26.10.2011, 02:10, "Francis Daly" <francis at daoine.org>:
> > On Wed, Oct 26, 2011 at 01:11:40AM +0400, Кирюшкин Владимир wrote:
> > That should cause two variables HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR
> > to be visible in the CGI output.
> alas, no. the full output is (when using proxy):
Ah, this thttpd doesn't expose the full http header as HTTP_* environment
variables. So scratch that as a test.
> > That patch looks like it will write the value of the X-Forwarded-For
> > header into something internal to thttpd.
> yes, it is intended to change X-Forwarded-For into Remote-Addr, but seems that it doesn't work.
Test the thttpd side:
curl -H 'X-Forwarded-For: 127.0.0.2' http://[thttpd-server]/env.cgi
If you don't see REMOTE_ADDR=127.0.0.2, then your thttpd is not acting
as you expect. Nothing nginx can do can help you in that case.
And note what
curl -H 'X-Forwarded-For: 127.0.0.2, 127.0.0.3' http://[thttpd-server]/env.cgi
shows that is different.
If thttpd directly works (as above) and through nginx doesn't, then check
the nginx debug log to see what exactly nginx is sending to thttpd --
it'll be the line with
http script copy: "X-Forwarded-For: "
and the next line will show the value.
curl -H 'X-Forwarded-For: 127.0.0.2' http://[nginx-server]/env.cgi
> > If they are not what you expect, check what nginx is doing.
> how could i do that?
Overall, when I test here, it all works as expected, by which I mean:
when I access nginx on 10.0.2.15 which proxy_pass'es to thttpd on
127.0.0.1, I see REMOTE_ADDR=10.0.2.15
when I access nginx on 10.0.2.15 through any other proxy,
so that X-Forwarded-For is set before it gets to nginx, I see
This patch to thttpd seems to require that X-Forwarded-For contains
exactly one address, which means that you must not set it in nginx using
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
You'll instead want something like
proxy_set_header X-Forwarded-For $remote_addr;
with some careful thought about what to do if X-Forwarded-For was set
in the request to nginx.
Francis Daly francis at daoine.org
More information about the nginx