Nginx removes X-Client-IP header added by loadbalancer

mrtn nginx-forum at nginx.us
Mon Dec 10 01:30:39 UTC 2012 

Hello Maxim,

Thanks for the suggestion. I checked my Haproxy config again, and this is
what I use for adding the 'X-Client-IP' header:

option forwardfor header X-Client-IP

In addition, if Haproxy is passing header things like 'X-Client_IP', then
why is that the requests routed directly to Tornado (not via Nginx) contain
the correct header 'X-Client-IP'? It seem like something happens when the
requests go through nginx and the header is dropped.

Below is part of my nginx config, and the last location block is the
relevant one here.

worker_processes 2;
pid /var/run/nginx.pid;
daemon off;

events {
        worker_connections  1024;
}

http {
        include                 /etc/nginx/mime.types;
        default_type            application/octet-stream;

        sendfile                on;
        tcp_nodelay             on;
        tcp_nopush              on;
        client_body_timeout     10;
        client_header_timeout   10;
        keepalive_timeout       15;
        send_timeout            15;
        server_tokens           off;
        gzip                    on;
        gzip_http_version       1.1;
        gzip_comp_level         3;
        gzip_types              text/plain text/css
                                application/x-javascript
                                application/xml application/xml+rss
                                text/javascript;
        log_format      mylog       '$remote_addr - $remote_user
[$time_local] "$request" $status $sent_http_content_type $body_bytes_sent
"$http_referer" "$http_user_agent"';

        server {
            listen                      8484;
            server_name                 www.mysite.com mysite.com;
            access_log                 
/home/www-data/logs/nginx_www_access.log;
            error_log                  
/home/www-data/logs/nginx_www_error.log debug;
            error_page                  404             /404.html;
            error_page                  502 503 504     /50x.html;
            error_page                  403             /forbidden.html;

            root                       
/home/www-data/tornado/mysite/static;

            if ( $http_referer ~*
(babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|sex|teen|video|webcam)
) {
                return 405;
            }

            location ~* (\.jpg|\.png|\.css|\.js|\.html)$ {
                valid_referers none blocked www.mysite.com static.mysite.com
mysite.com;
                if ($invalid_referer) { return 405; }
            }

           location ^~ /doc/read/ {
                if ($uri ~* (\.jpg|\.png|\.css|\.js|\.html)$) { return 404;
}
                if ($uri !~* /doc/read/[a-zA-Z0-9_-]+/[0-9]+$) { return 404;
}
                #if ($http_cookie !~* "subject=[.]+") { return 404; }
                proxy_pass              http://127.0.0.1:8080;
                proxy_redirect          off;
            }
      }
}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233736,233770#msg-233770

More information about the nginx mailing list