Real IP not working?

pk899 nginx-forum at nginx.us
Sun Dec 4 19:16:22 UTC 2011


Alexander Kolesen Wrote:
-------------------------------------------------------
....
> in your location section with 'proxy_pass'
> directive 
> (or 'fastcgi_pass' or whatever you use).
> 
> Like the following:
> 
>     location / {
> ....
>         proxy_pass                
> http://<backend_ip>:<backend_port>;
>         proxy_set_header           Host           
>  $host;
> +       proxy_set_header           X-Real-IP      
>  $remote_addr;
> ....
>     }
> 
> Your mod_rpaf config have already correctly set up
> to handle X-Real-IP header 
> and consider it as the end user's IP.
> 
> Also, you shouldn't use the RPAFsethostname option
> turned 'On' unless you
> set X-Host header in the nginx config before
> passing request to backend. Just turn it 'Off'.




Thanks Alexander.  But this does not work. 

I commented all the "set_real_ip_from" in nginx config. Restarted nginx.


Now the "REMOTE_ADDR" in my php code inside Apache is just my server's
IP. So the real IP is not being passed. 

If I enable the "set_real_ip_from" inside nginx config, then my php code
sees the right REMOTE_ADDR. But the log messages inside Apache are wrong
even then....all from my own server IP. 

Anyway, my nginx "proxy.inc" is this: 


<code>
proxy_cache_bypass          $http_pragma  $http_authorization;
proxy_no_cache              $http_pragma  $http_authorization;
proxy_temp_file_write_size  512k;
proxy_pass_header           Set-Cookie;
proxy_redirect              off;
proxy_hide_header           Vary;
proxy_set_header            Accept-Encoding '';
proxy_set_header            Referer $http_referer;
proxy_set_header            Host   $host;
proxy_set_header            Cookie $http_cookie;       
proxy_set_header            X-Real-IP  $remote_addr;
proxy_set_header            X-Forwarded-Host $host;
proxy_set_header            X-Forwarded-Server $host;
proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
</code>


Any ideas? 



PS: I turned that RPAFsethostname off in apache. This seems harmless
enough.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219581,219594#msg-219594



More information about the nginx mailing list