我有这个 nginx 配置
upstream xxx {
server 127.0.0.1:12123;
}
error_log /home/web/.log/error.log;
server {
listen 4567;
server_name mydomain "" _;
root /tmp/xxx/public;
error_log /tmp/xxx.error.log;
error_page 500 502 503 504 /502.html;
location / {
try_files $uri/index.html $uri @pukis;
}
location @pukis {
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header x-forwarded-proto $scheme;
proxy_set_header host $http_host;
proxy_set_header x-real-ip $remote_addr;
proxy_set_header http-client-ip $remote_addr;
proxy_pass http://xxx;
}
}
例如,当从另一个 IP 访问时10.7.7.7
,它仍会显示其主机 ip ( 10.0.2.2
) x-forwarded-for
,x-real-ip
并且http-client-ip
我的 nginx 版本nginx/1.8.0
"X-Real-Ip": {"10.0.2.2"},
"User-Agent": {"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"},
"Accept-Language": {"en-US,en;q=0.8,id;q=0.6"},
"X-Forwarded-For": {"10.0.2.2"},
"Http-Client-Ip": {"10.0.2.2"},
"Connection": {"close"},
"Cache-Control": {"max-age=0"},
"Accept": {"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"},
"Accept-Encoding": {"gzip, deflate, sdch"},
"X-Forwarded-Proto": {"http"},
我在 virtualbox 中使用 nat 模式(主机:10.0.2.2
,客户机10.0.2.15
:)和端口转发,有什么其他方法可以解决这个问题?
连接:
客户机/linux (10.0.2.15) <-NAT-> (10.0.2.2) 主机/win (172.16.10.100) <--> (172.16.10.2) 路由器
主机/win的路由表:
===========================================================================
Interface List
22...40 f2 e9 34 d7 f3 ......Hyper-V Virtual Ethernet Adapter #2
23...08 00 27 00 d8 17 ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.10.2 172.16.10.100 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.10.0 255.255.255.0 On-link 172.16.10.100 261
172.16.10.100 255.255.255.255 On-link 172.16.10.100 261
172.16.10.255 255.255.255.255 On-link 172.16.10.100 261
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 172.16.10.100 261
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 172.16.10.100 261
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 172.16.10.2 256
0.0.0.0 0.0.0.0 172.16.10.2 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
23 276 fe80::/64 On-link
22 261 fe80::/64 On-link
22 261 fe80::2477:8ab2:4d76:a579/128
On-link
23 276 fe80::a0ca:7a7f:8ee0:49c8/128
On-link
1 306 ff00::/8 On-link
23 276 ff00::/8 On-link
22 261 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
guest/linux的路由表:
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 202 0 0 enp0s3
10.0.2.0 0.0.0.0 255.255.255.0 U 202 0 0 enp0s3
答案1
这样做是可行的,因为现在客户端 IP 不会被别名
./vboxmanage modifyvm XXX --nataliasmode1 proxyonly
其中 XXX 是区分大小写的虚拟机名称。