在仅支持 SSL 的网站上使用 NGINX 时遇到的问题

tag-icon tag-icon nginx ssl proxy
在仅支持 SSL 的网站上使用 NGINX 时遇到的问题

我已将网站配置为 100% SSL,并且该网站位于带有 NGINX 的 cPanel 服务器上。我能够让 SSL 部分正常工作,但报告的网站访问者 IP 地址是网站的 IP 地址,而不是访问者的 IP 地址。

当我获取 phpinfo 时,我可以看到 _SERVER["HTTP_X_FORWARDED_FOR"] 和 _SERVER["HTTP_X_REAL_IP"] 报告正确。当然,该软件使用 _SERVER["REMOTE_ADDR"] 来报告访问者的 IP 地址(我假设服务器日志也会使用它)。

这是我的虚拟主机配置:

server {
          error_log /var/log/nginx/vhost-error_log warn;
          listen XXX.XXX.XXX.XXX:80;
          listen [::]:80;
      return 301 https://$host$request_uri;
        }

server {
          error_log /var/log/nginx/vhost-error_log warn;
          listen XXX.XXX.XXX.XXX:443 ssl;
          listen [::]:443 ssl;
          ssl on;
          ssl_certificate /etc/nginx/ssl/bundle.crt;
          ssl_certificate_key  /etc/nginx/ssl/bundle.key;
      server_name thenameofmysite.com;
          access_log /usr/local/apache/domlogs/thenameofmysite.com-bytes_log bytes_log;
          access_log /usr/local/apache/domlogs/thenameofmysite.com combined;
          root /home/mysite/public_html;
          #location / {
          location ~*.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff)$ {
          expires 1M;
          try_files $uri @backend;
          }
          location / {
      error_page 405 = @backend;
          add_header X-Cache "HIT from Backend";
          proxy_pass http://XXX.XXX.XXX.XXX:8081;
          include proxy.inc;
      include microcache.inc;          
      }
          location @backend {
          internal;
          proxy_pass http://XXX.XXX.XXX.XXX:8081;
          include proxy.inc;
      include microcache.inc;
          }
          location ~ .*\.(php|jsp|cgi|pl|py)?$ {
          proxy_pass http://XXX.XXX.XXX.XXX:8081;
          include proxy.inc;
          include microcache.inc;
      }
          location ~ /\.ht {
          deny all;
          }
        }

文件 proxy.inc 包含以下内容:

proxy_read_timeout   600;
proxy_buffer_size    64k;
proxy_buffers     16 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_pass_header Set-Cookie;
proxy_redirect     off;
proxy_hide_header  Vary;
proxy_set_header   Accept-Encoding '';
proxy_ignore_headers Cache-Control Expires;
proxy_set_header   Referer $http_referer;
proxy_set_header   Host   $host;
proxy_set_header   Cookie $http_cookie;
proxy_set_header   X-Real-IP  $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
set_real_ip_from   204.93.240.0/24;
set_real_ip_from   204.93.177.0/24;
set_real_ip_from   199.27.128.0/21;
set_real_ip_from   173.245.48.0/20;
set_real_ip_from   103.21.244.0/22;
set_real_ip_from   103.22.200.0/22;
set_real_ip_from   103.31.4.0/22;
set_real_ip_from   141.101.64.0/18;
set_real_ip_from   108.162.192.0/18;
set_real_ip_from   190.93.240.0/20;
set_real_ip_from   188.114.96.0/20;  
set_real_ip_from   197.234.240.0/22;
set_real_ip_from   198.41.128.0/17;
set_real_ip_from   162.158.0.0/15;
real_ip_header     X-Forwarded-For;

任何帮助将不胜感激!!

答案1

当使用任何类型的代理或 CDN 时,这种情况很常见。只需将 nginx.conf 中的日志记录语句更改为类似以下内容,以包含 $http_x_forwarded_for

log_format  main  '$remote_addr - "$http_x_forwarded_for" - $remote_user [$time_local] "$host" "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$request_time" '
                  '"$upstream_cache_status" "$sent_http_content_encoding" ';

相关内容