Nginx 獲取真實IP地址
阿新 • • 發佈:2020-07-24
專案背景
Nginx 部署在 ECS上, ECS 前端有阿里雲 SLB 做負載,nginx 需要獲取客戶端的真實 IP 進行單獨限制
# 重新編譯 Nginx cd /data/tools/nginx-1.13.7 ./configure --prefix=/usr/local/nginx --with-threads --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module make cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak pkill nginx cp objs/nginx /usr/local/nginx/sbin/ /usr/local/nginx/sbin/nginx -t /usr/local/nginx/sbin/nginx # 檢視是否成功 /usr/local/nginx/sbin/nginx -V
修改 Nginx 配置
cat a.klvchen.com.conf server { listen 80; server_name a.klvchen.com; client_max_body_size 100m; proxy_connect_timeout 180; proxy_read_timeout 180; location / { proxy_pass http://192.168.0.198:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; set_real_ip_from 0.0.0.0/0; # 額外增加的配置 real_ip_header X-Forwarded-For; # 額外增加的配置 allow 192.168.0.168; deny all; } }
可以在 Nginx access.log 中查到真實的客戶端IP已出來
tail -f /usr/local/nginx/logs/access.log