Varnish + nginx with php and REMOTE_ADDR issue using http_realip_module

Flavio Torres fla_torres at yahoo.com.br
Sat Jun 11 03:41:30 MSD 2011


Hello,

Please, I'm trying to use http_realip_module
(http://wiki.nginx.org/NginxHttpRealIpModule#real_ip_header) to get the
X-Forwarded-For IP in my .php, but I'm suspecting something is wrong,
because that looks like it should work.

My setup is:

LB > Varnish FE network pool (10.110.0.0/22) > Varnish BE - same server,
another iface - (10.214.0.0/22) > LB 10.214.0.0/22 > nginx BE pool
10.214.0.0/22

When I set:

        location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME
/net/nfs_parceiros_1/ftorres.com.br$fastcgi_script_name;
        }


I get these values from my simple php test page:

<?php
    echo '<table border="1">';

    foreach($_SERVER as $k => $v) {
        echo '<tr><td>'.$k.'</td><td>'.$v.'</td></tr>';
    }
    echo '</table>';
?>



SERVER_SOFTWARE    nginx/0.8.53
REMOTE_ADDR    10.214.3.250
SERVER_ADDR    10.214.0.56
HTTP_X_FORWARDED_FOR    10.214.0.47


When I set:

        location ~ \.php$ {

                set_real_ip_from 10.214.0.0/22;
                #set_real_ip_from 10.110.0.0/22;
                real_ip_header X-Forwarded-For;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME
/net/nfs_parceiros_1/ftorres.com.br$fastcgi_script_name;
        }

I get:

REMOTE_ADDR    10.110.3.250
SERVER_ADDR    10.214.0.56
HTTP_X_FORWARDED_FOR    10.214.0.48


Oops, now I can see 10.110.0.0/22 (my front end network), but nothing
about my x-forwarded-for, now I fixed it and add the FE network :

        location ~ \.php$ {

                add_header X-Fw-For $proxy_add_x_forwarded_for;
                set_real_ip_from 10.214.0.0/22;
                set_real_ip_from 10.110.0.0/22;
                real_ip_header X-Forwarded-For;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME
/net/nfs_parceiros_1/ftorres.com.br$fastcgi_script_name;
        }



Then, I get:

REMOTE_ADDR    10.110.3.250
SERVER_ADDR    10.214.0.56
HTTP_X_FORWARDED_FOR    10.214.0.46


Any of these configurations shown the X-forwarded-for at remote_addr
field, and the x-fw-for Header its working:

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 Jun 2011 23:27:19 GMT
Content-Type: text/html
Connection: keep-alive
*X-Fw-For: 200.226.123.253, 10.110.3.250, 10.110.3.250*


I fixed it adding the following configuration at fastcgi_param file:

                set  $addr  $remote_addr;
                if ($proxy_add_x_forwarded_for ~
"^(?:^|,)\s*(\d+\.\d+\.\d+\.\d+)\s*") {
                        set  $addr  $1;
                }

fastcgi_param  HTTP_X_FORWARDED_FOR    $addr;

So Please, I'd like to know if http_realip_module is doing the job as it
should or if these fixed issue should be ok for what I'm trying do do.

Thanks and sorry about my english


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20110610/07e46d7c/attachment-0001.html>


More information about the nginx mailing list