Varnish + nginx with php and REMOTE_ADDR issue using http_realip_module
Flavio Torres
fla_torres at yahoo.com.br
Sat Jun 11 03:41:30 MSD 2011
Hello,
Please, I'm trying to use http_realip_module
(http://wiki.nginx.org/NginxHttpRealIpModule#real_ip_header) to get the
X-Forwarded-For IP in my .php, but I'm suspecting something is wrong,
because that looks like it should work.
My setup is:
LB > Varnish FE network pool (10.110.0.0/22) > Varnish BE - same server,
another iface - (10.214.0.0/22) > LB 10.214.0.0/22 > nginx BE pool
10.214.0.0/22
When I set:
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME
/net/nfs_parceiros_1/ftorres.com.br$fastcgi_script_name;
}
I get these values from my simple php test page:
<?php
echo '<table border="1">';
foreach($_SERVER as $k => $v) {
echo '<tr><td>'.$k.'</td><td>'.$v.'</td></tr>';
}
echo '</table>';
?>
SERVER_SOFTWARE nginx/0.8.53
REMOTE_ADDR 10.214.3.250
SERVER_ADDR 10.214.0.56
HTTP_X_FORWARDED_FOR 10.214.0.47
When I set:
location ~ \.php$ {
set_real_ip_from 10.214.0.0/22;
#set_real_ip_from 10.110.0.0/22;
real_ip_header X-Forwarded-For;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME
/net/nfs_parceiros_1/ftorres.com.br$fastcgi_script_name;
}
I get:
REMOTE_ADDR 10.110.3.250
SERVER_ADDR 10.214.0.56
HTTP_X_FORWARDED_FOR 10.214.0.48
Oops, now I can see 10.110.0.0/22 (my front end network), but nothing
about my x-forwarded-for, now I fixed it and add the FE network :
location ~ \.php$ {
add_header X-Fw-For $proxy_add_x_forwarded_for;
set_real_ip_from 10.214.0.0/22;
set_real_ip_from 10.110.0.0/22;
real_ip_header X-Forwarded-For;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME
/net/nfs_parceiros_1/ftorres.com.br$fastcgi_script_name;
}
Then, I get:
REMOTE_ADDR 10.110.3.250
SERVER_ADDR 10.214.0.56
HTTP_X_FORWARDED_FOR 10.214.0.46
Any of these configurations shown the X-forwarded-for at remote_addr
field, and the x-fw-for Header its working:
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 Jun 2011 23:27:19 GMT
Content-Type: text/html
Connection: keep-alive
*X-Fw-For: 200.226.123.253, 10.110.3.250, 10.110.3.250*
I fixed it adding the following configuration at fastcgi_param file:
set $addr $remote_addr;
if ($proxy_add_x_forwarded_for ~
"^(?:^|,)\s*(\d+\.\d+\.\d+\.\d+)\s*") {
set $addr $1;
}
fastcgi_param HTTP_X_FORWARDED_FOR $addr;
So Please, I'd like to know if http_realip_module is doing the job as it
should or if these fixed issue should be ok for what I'm trying do do.
Thanks and sorry about my english
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20110610/07e46d7c/attachment-0001.html>
More information about the nginx
mailing list