<- Back

Nginx配置 http从stream中获取真实客户端ip

Created at 2022-10-28 18:25:45

Last updated at 2022-10-28 18:25:45

4346 Clicks

将nginx作为webapp的前置端,使用nginx控制是否转发给webapp,还是转发给http服务。
其中分发的原来请自行搜索学习。

配置使用了nginx的stream等模块,在Ubuntu 20.04上的Nginx v.1.18.0(来自nginx官方apt源),所需的模块都启用了。

理论上就是通过proxy_protocol从stream将客户端ip传给http,在http的log_format中,将remote_addr更换成proxy_protocol_addr即可。

proxy_protocol在使用时注意,在输出时,使用"proxy_protocol on;"来配置,接受时在listen的末尾加上”proxy_protocol“即可。

但是webapp在接收tcp时,不能处理proxy_protocol,所以在转发给webapp之前,需要再将proxy_protocol去掉,只需多一步转发即可。

具体配置nginx.conf开头内容如下:

stream {
    log_format basic '$remote_addr - $remote_user [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time';
    map $ssl_preread_server_name $backend {
        webapp6.domain.com unix:/run/nginx-webapp-stream.sock;
        webapp.domain.com unix:/run/nginx-webapp-stream.sock;
        default 127.0.0.1:443;
    }
    server {
        listen unix:/run/nginx-webapp-stream.sock proxy_protocol;
        proxy_pass 127.0.0.1:8443;
    }
    server {
        listen 0.0.0.0:443;
        listen [::]:443;
        proxy_pass $backend;
        ssl_preread on;
        proxy_protocol on;
    }
}

http {
    log_format combined '$proxy_protocol_addr - $remote_user [$time_local] '
                        '"$request" $status $body_bytes_sent '
                        '"$http_referer" "$http_user_agent"';
    server {
        listen 127.0.0.1:80 proxy_protocol;
        listen [::1]:443 ssl proxy_protocol;
        ...
    }
}

Tags:ITNetworkUbuntuLinuxtrojanproxy

16 Comments

ronaldPlaub (ronaldGof@gmail.com)
#166

Также мы предлагаем оборудование для детских площадок, парков и скверов, которые сделают досуг подра

Created at 2024-03-27 01:15:03

JamesTus (xpamrcao@youremailglobal.com)
#165

Men dating men participation get a bang, consistency, and the belle of relationships in their own un

Created at 2024-03-26 23:58:06

Lyusyama (sugarwork78@gmail.com)
#164

Hello, dear friends! Are you on the lookout for a dependable and budget-friendly hosting provider

Created at 2024-03-12 01:37:37

MalcolmDot (no.reply.RichardJacobs@gmail.com)
#163

What’s up? owendswang.com Did you know that it is possible to send messages lawfully? We provid

Created at 2024-03-05 05:15:14

Ellami (ellami@metrobis.com)
#162

Hiǃ Ι aррlaud women who havе the courage tо еnϳom

Created at 2024-02-29 10:09:14

@ 2019-2024 OWENDSWANG
Contact me: owendswang@qq.com