gpt4 book ai didi

varnish - 无法从 nginx/varnish 获取真实 IP 以传递,始终显示 127.0.0.1

转载 作者:行者123 更新时间:2023-12-03 17:45:24 25 4
gpt4 key购买 nike

我想让真实 IP 显示在服务器/magento 中,但它一直回落到 127.0.0.1

服务器设置如下:- 在端口 80 上监听 Varnish- Nginx 监听 8080 端口- SSL 流量被传递到端口 80它到达的最终网站是 magento 2 网站

Nginx 是 1.14.0 版本,有 with-http_realip_module

我的 Nginx 服务器 block 如下:

upstream fastcgi_backend {
server unix:/var/run/php/php7.2-fpm-magento.sock;
}

server {
listen 8080;
server_name example.example.com;

set $MAGE_ROOT /opt/magento/public_html;
set $MAGE_MODE developer; # or production

include snippets/letsencrypt.conf;
include /opt/magento/public_html/nginx.conf.sample;
error_log /var/log/nginx/example.example.com-8080-error.log;
access_log /var/log/nginx/example.example.com-8080access.log;
}

server {
listen 443 ssl http2;
server_name example.example.com;

ssl_certificate /etc/letsencrypt/live/example.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.example.com/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;

location / {
proxy_pass http://localhost:80;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
}
access_log /var/log/nginx/example.example.com-443access.log;
error_log /var/log/nginx/example.example.com-443error.log;
}

我的 Nginx 访问日志 (8080access.log) 显示所有条目都是 127.0.0.1错误日志 (8080-error.log) 还显示客户端的 127.0.0.1SSL 流量,443 日志,显示的是实际 IP。

下面是我的 Nginx 配置输出:

配置参数:--with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-FIJPpj/nginx-1.14.0=。 -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl ,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http- proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with -threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_fi lter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module

我尝试将以下代码添加到/etc/nginx/nginx.conf

set_real_ip_from   127.0.0.1;
real_ip_header X-Forwarded-For;

和 设置 req.http.X-Forwarded-For = client.ip;到/etc/varnish/default.vcl,但由于它是 Varnish 的 magento 特定版本,我将其放置如下:

sub vcl_recv {
set req.http.X-Forwarded-For = client.ip;
if (req.method == "PURGE") {
if (client.ip !~ purge) {
return (synth(405, "Method not allowed"));
}
# To use the X-Pool header for purging varnish during automated deployments, make sure the X-Pool header
# has been added to the response in your backend server config. This is used, for example, by the
# capistrano-magento2 gem for purging old content from varnish during it's deploy routine.
if (!req.http.X-Magento-Tags-Pattern && !req.http.X-Pool) {
return (synth(400, "X-Magento-Tags-Pattern or X-Pool header required"));

重新启动这两个服务后,我在日志和 Magento 2 中仍然得到相同的 127.0.0.1。

我很困惑,所以感谢任何帮助!

最佳答案

我想通了,必须将以下内容添加到服务器 block :

set_real_ip_from 10.0.0.0/8; #your ip
real_ip_header X-Real-IP;
real_ip_recursive on;

原始答案在这里找到: https://calvin.me/forward-ip-addresses-when-using-nginx-proxy/

关于varnish - 无法从 nginx/varnish 获取真实 IP 以传递,始终显示 127.0.0.1,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56534504/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com