Welcome! Log In Create A New Profile

Advanced

Varnish + nginx with php and REMOTE_ADDR issue using http_realip_module

Previous Message Next Message
Forum List Message List New Topic Print View
Flavio Torres
June 10, 2011 07:42PM
Hello,

Please, I'm trying to use http_realip_module
(http://wiki.nginx.org/NginxHttpRealIpModule#real_ip_header) to get the
X-Forwarded-For IP in my .php, but I'm suspecting something is wrong,
because that looks like it should work.

My setup is:

LB > Varnish FE network pool (10.110.0.0/22) > Varnish BE - same server,
another iface - (10.214.0.0/22) > LB 10.214.0.0/22 > nginx BE pool
10.214.0.0/22

When I set:

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME
/net/nfs_parceiros_1/ftorres.com.br$fastcgi_script_name;
}


I get these values from my simple php test page:

<?php
echo '<table border="1">';

foreach($_SERVER as $k => $v) {
echo '<tr><td>'.$k.'</td><td>'.$v.'</td></tr>';
}
echo '</table>';
?>



SERVER_SOFTWARE nginx/0.8.53
REMOTE_ADDR 10.214.3.250
SERVER_ADDR 10.214.0.56
HTTP_X_FORWARDED_FOR 10.214.0.47


When I set:

location ~ \.php$ {

set_real_ip_from 10.214.0.0/22;
#set_real_ip_from 10.110.0.0/22;
real_ip_header X-Forwarded-For;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME
/net/nfs_parceiros_1/ftorres.com.br$fastcgi_script_name;
}

I get:

REMOTE_ADDR 10.110.3.250
SERVER_ADDR 10.214.0.56
HTTP_X_FORWARDED_FOR 10.214.0.48


Oops, now I can see 10.110.0.0/22 (my front end network), but nothing
about my x-forwarded-for, now I fixed it and add the FE network :

location ~ \.php$ {

add_header X-Fw-For $proxy_add_x_forwarded_for;
set_real_ip_from 10.214.0.0/22;
set_real_ip_from 10.110.0.0/22;
real_ip_header X-Forwarded-For;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME
/net/nfs_parceiros_1/ftorres.com.br$fastcgi_script_name;
}



Then, I get:

REMOTE_ADDR 10.110.3.250
SERVER_ADDR 10.214.0.56
HTTP_X_FORWARDED_FOR 10.214.0.46


Any of these configurations shown the X-forwarded-for at remote_addr
field, and the x-fw-for Header its working:

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 Jun 2011 23:27:19 GMT
Content-Type: text/html
Connection: keep-alive
*X-Fw-For: 200.226.123.253, 10.110.3.250, 10.110.3.250*


I fixed it adding the following configuration at fastcgi_param file:

set $addr $remote_addr;
if ($proxy_add_x_forwarded_for ~
"^(?:^|,)\s*(\d+\.\d+\.\d+\.\d+)\s*") {
set $addr $1;
}

fastcgi_param HTTP_X_FORWARDED_FOR $addr;

So Please, I'd like to know if http_realip_module is doing the job as it
should or if these fixed issue should be ok for what I'm trying do do.

Thanks and sorry about my english


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Varnish + nginx with php and REMOTE_ADDR issue using http_realip_module

Flavio Torres June 10, 2011 07:42PM

Re: Varnish + nginx with php and REMOTE_ADDR issue using http_realip_module

Maxim Dounin June 10, 2011 09:14PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 266
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready