nginx and thttpd + cgi, remote_addr = 127.0.0.1
Igor Sysoev
igor at sysoev.ru
Wed Oct 26 14:26:53 UTC 2011
On Wed, Oct 26, 2011 at 01:11:40AM +0400, Кирюшкин Владимир wrote:
> Hello,
>
> i have an issue with getting users' real IP. I am using nginx as frontend with thttpd as backend. I've added such options to my default server in nginx config:
>
> location ~ \.cgi|pl$ {
> proxy_pass http://127.0.0.1:8000;
> include /etc/nginx/proxy.conf;
> }
>
> /etc/nginx/proxy.conf has such options among others:
>
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> and I have patched latest thttpd (http://www.acme.com/software/thttpd/thttpd-2.25b.tar.gz) with this patch: http://wiki.nginx.org/ThttpdRealIP
> also i had to rename "getline" to "mygetline" in thttpd-2.25b/extras/htpasswd.c because i was getting an error "htpasswd.c:52: error: conflicting types for 'getline'" during compilation.
>
> the whole thttpd config is:
>
> host=127.0.0.1
> port=8000
> dir=/var/www/default
> user=www-data
> cgipat=**.cgi|**.pl
> vhost
> charset=utf-8
> logfile=/var/log/thttpd.log
> pidfile=/var/run/thttpd.pid
>
>
> after installing and starting both webservers I saved this script as index.cgi and opened it in browser(i'm using Opera):
>
> #!/bin/sh
> echo "Content-type: text/html; charset=UTF-8";
> echo;
> echo "i am cgi script<br><br>";
> echo "env: <br><br>";
> env
>
> when I opened it with Opera Turbo enabled (thus using Opera's proxy server), I see output like this:
>
> . .
> GATEWAY_INTERFACE=CGI/1.1 REMOTE_ADDR=127.0.0.1 HTTP_USER_AGENT=Opera/9.80 (X11; Linux i686; U; ru) Presto/2.9.168 Version/11.51 . . .
>
> and when I open it without Opera Turbo (with my real IP), I'm getting my real IP in the output (a part was hidden):
>
> . .
> GATEWAY_INTERFACE=CGI/1.1 REMOTE_ADDR=178.177.***.*** HTTP_USER_AGENT=Opera/9.80 (X11; Linux i686; U; ru) Presto/2.9.168 Version/11.51 . . .
>
> what could I have done wrong with configuration?
>
> //Jef, sorry for CC, but I don't know the cause of this issue, and it still could be thttpd. though i hope it's just my hands :)
You may want to use mini_httpd instead of thttpd.
There is patch to support "X-Real-IP" header in mini_httpd:
http://mailman.nginx.org/pipermail/nginx/2010-October/023292.html
--
Igor Sysoev
More information about the nginx
mailing list