nginx directives geo and map behind proxy

gogan nginx-forum at forum.nginx.org
Fri Mar 15 14:34:40 UTC 2019


Hi,

thanks for the response.

I try it with a short view.


Situation 1)

             Proxy (external, myracloud)		<--- Connect official way
		|
           LB/Proxy (internal)
		|
    w-1  w-2  w-3  ..  w10

Situation 2)

           LB/Proxy (internal)		<--- directly connect
		|
    w-1  w-2  w-3  ..  w10


In both situations I see real client IP addresses in server log on
webservers and proxy/loadbalancer.

In situation 1 traffic is general limited without exceptions. 
In situation 2 traffic is limited as expected, all is fine.

====== server.conf=====

limit_req_zone $botlimit zone=req_limit_per_login:10m rate=4r/s;

...

location ~ ^(/userzentrum/login).*$ {
    limit_req zone=req_limit_per_login;
    proxy_pass xxx_application;
    include /etc/nginx/proxy_params;
}

====nginx conf====

geo $limited {
  default 0;
  x.x.x.x 1;
}    
 
map $limited $botlimit {
  1 '';
  0 $remote_addr;
}

...

# get x-real-ip from myracloud
set_real_ip_from x.x.x.x;

real_ip_header   CF-Connecting-IP;
real_ip_recursive on;

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,283352,283396#msg-283396



More information about the nginx mailing list