all visitor have same IP (my server IP)
Ruslan Ermilov
ru at nginx.com
Wed Apr 11 05:24:28 UTC 2012
On Wed, Apr 11, 2012 at 12:50:59AM -0400, activa wrote:
> i'm using nginx as proxy fro apache .
>
> my users ask why 90% of thier vistors has the same IP of the servers .
>
> and some php application block the server IP adresse as flood ip .
>
> [root at server4 ]# netstat -lanp | grep :8081 | awk '{print $5}' | cut -d:
> -f1 | sort | uniq -c | sort -n
> 1 0.0.0.0
> 3 127.0.0.1
> 1588 xxx.xxx.xxx.xxx (this is server ip)
>
>
> [root at server4 ]# netstat -lanp | grep :80 | awk '{print $5}' | cut -d:
> -f1 | sort | uniq -c | sort -n
> 1 94.111.122.97
> 2 150.70.172.203
> 2 197.162.58.71
> 2 41.141.1.104
> 2 41.250.191.48
> 2 41.250.200.157
> 3 0.0.0.0
> 3 196.217.214.235
> 3 41.137.75.212
> 3 41.248.144.207
> 3 41.92.15.186
> 4 41.250.91.158
> 5 196.12.254.12
> 6 37.105.108.27
> 6 41.143.100.215
> 7 41.141.169.127
> 9 197.194.27.175
> 9 67.167.101.181
> 1679 xxx.xxx.xxx.xxx (this is server ip)
>
> the RPAF configurations well done (include the ip servers) .
>
> nginx 1.1.18 config
>
> user nobody;
> # no need for more workers in the proxy mode
> worker_processes 2;
> error_log /var/log/nginx/error.log info;
> worker_rlimit_nofile 20480;
> events {
> worker_connections 5120; # increase for busier servers
> use epoll; # you should use epoll here for Linux kernels 2.6.x
> }
> http {
> server_name_in_redirect off;
> server_names_hash_max_size 10240;
> server_names_hash_bucket_size 1024;
> include mime.types;
> default_type application/octet-stream;
> server_tokens off;
> sendfile on;
> tcp_nopush on;
> tcp_nodelay on;
> keepalive_timeout 5;
> gzip on;
> gzip_vary on;
> gzip_disable "MSIE [1-6]\.";
> gzip_proxied any;
> gzip_http_version 1.1;
> gzip_min_length 1000;
> gzip_comp_level 6;
> gzip_buffers 16 8k;
> # You can remove image/png image/x-icon image/gif image/jpeg if you have
> slow CPU
> gzip_types text/plain text/xml text/css application/x-javascript
> application/xml image/png image/x-icon image/gif image/jpeg
> application/xml+rss text/javascript application/atom+xml;
> ignore_invalid_headers on;
> client_header_timeout 3m;
> client_body_timeout 3m;
> send_timeout 3m;
> reset_timedout_connection on;
> connection_pool_size 256;
> client_header_buffer_size 256k;
> large_client_header_buffers 4 256k;
> client_max_body_size 200M;
> client_body_buffer_size 128k;
> request_pool_size 32k;
> output_buffers 4 32k;
> postpone_output 1460;
> proxy_temp_path /tmp/nginx_proxy/;
> client_body_in_file_only on;
> disable_symlinks if_not_owner;
> log_format bytes_log "$msec $bytes_sent .";
> include "/etc/nginx/vhosts/*";
> }
>
>
>
> is this have relation to mod realip ?
>
> any solution to make nginx forward the proccess with the visitor ip not
> with the server ip ?
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#variables
More information about the nginx
mailing list