请教公网出入口不同的NAT VPS,Nginx如何获取到真实访客IP

查看 40|回复 1
作者:老仙   
求大佬们指点,
买了个鸡仔云,打算穿透家里的小鸡出来做后端。
已经用frp穿透到28000端口,
已知入口IP为:1.2.3.4
通过curl 测试IP得值:4.3.2.1
应该是出入口IP不同?

通过指定hosts访问测试站点,但查看日志,获取到的IP全都是4.3.2.1
如果启用"proxy_protocol"则浏览器无法访问,就注释了。


openresty即nginx加功能版,http配置里设置了
[ol]    set_real_ip_from 0.0.0.0/0;
    real_ip_header X-Forwarded-For; [/ol]复制代码
server配置如下
[ol]server {
    listen 80 ;
    listen 443 ssl http2 ;
    # 启用代理协议
    #listen 80 proxy_protocol ;
    #listen 443 ssl http2 proxy_protocol ;
    server_name cq.abc.local;
    index index.php index.html index.htm default.php default.htm default.html;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    # 配置用于获取真实客户端IP的头信息
    #real_ip_header proxy_protocol;
    real_ip_recursive on;
    #
    access_log /www/sites/cq.abc.local/log/access.log;
    error_log /www/sites/cq.abc.local/log/error.log;
    location ^~ /.well-known/acme-challenge {
        allow all;
        root /usr/share/nginx/html;
    }
    root /www/sites/cq.abc.local/index;
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }
    ssl_certificate /www/sites/cq.abc.local/ssl/fullchain.pem;
    ssl_certificate_key /www/sites/cq.abc.local/ssl/privkey.pem;
    ssl_protocols TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497 https://$host$request_uri;
    proxy_set_header X-Forwarded-Proto https;
    ssl_stapling on;
    ssl_stapling_verify on;
    include /www/sites/cq.abc.local/proxy/*.conf;
}[/ol]复制代码
反代的location如下
[ol]location ^~ / {
    proxy_pass https://127.0.0.1:28000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_http_version 1.1;
    add_header X-Cache $upstream_cache_status;
    add_header Strict-Transport-Security "max-age=31536000";
    add_header Cache-Control no-cache;
    # 禁用缓存
    proxy_cache off;
    # Disable buffering when the nginx proxy gets very resource heavy upon streaming
    proxy_buffering off;
}[/ol]复制代码

出入口, 代码, 公网

老仙
OP
  
dddddddddddd
您需要登录后才可以回帖 登录 | 立即注册

返回顶部