Home > Others

How to get users in the background Web application after using Nginx reverse proxy ip__web

Source: Internet
Author: User
Tags rfc nginx server nginx reverse proxy
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Problem Background

In the practical application, we may need to obtain the user's IP address, for example makes the remote landing the judgment, or the statistics IP accesses the frequency and so on, usually we use the request. Remoteaddr can get to the client IP, but when we use the Nginx as a reverse proxy, use request. Remoteaddr gets the IP address of the Nginx server, then what should be done.

principle Explanation

After the reverse proxy, because the client and the Web server between the increase in the middle tier, so the Web server can not directly get the client IP, through the $REMOTE_ADDR variable will be the reverse proxy server IP address.

When you use the Nginx reverse server, use request on the Web side. Remoteaddr (in essence, get $remote_addr), get the Nginx address, that is, the $REMOTE_ADDR variable is encapsulated in the Nginx address, of course, can not get the user's real IP, but, Nginx is able to obtain the user's real IP, that is, nginx use $REMOTE_ADDR variables to obtain the user's real IP, if we want to get the user's real IP on the web, we have to do an assignment here Nginx, as follows:
Proxy_set_header x-real_ip $remote _addr;
The X-REAL_IP is a custom variable name, the name can be arbitrarily taken, so that after the user's real IP is placed in the X-REAL_IP variable, and then, on the web side can be obtained:
Request. Header.get ("X-real_ip")


Here we will explain the relevant variables in Nginx, and usually we will see some configuration

server {
	listen       ;
	server_name  localhost;
	#charset Koi8-r;
	#access_log  logs/host.access.log  main;
	Location/{
		root   html;
		Index  index.html index.htm;
		Proxy_pass                  http://backend; 
		Proxy_redirect off              ;
		Proxy_set_header            Host $host;
		Proxy_set_header            x-real-ip $remote _addr;
		Proxy_set_header            x-forwarded-for $proxy _add_x_forwarded_for;
		# proxy_set_header            x-forwarded-for $http _x_forwarded_for
	}
}
1. Proxy_set_header x-real_ip $remote _addr;
This sentence has been explained before, with this sentence can be on the Web server to obtain the user's real IP
But, in fact, to get the user's real IP, not only this method, we continue to see below.

2. Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;
Let's take a look at the x-forwarded-for variable, a non-RFC standard developed by squid, to identify a client address that is connected to a Web server via an HTTP proxy or load Balancer original IP, if there is a x-forwarded-for setting , each pass proxy forwarding will have records, format is CLIENT1, Proxy1, Proxy2, separated by commas each address, because he is a non-RFC standard, so the default is not, need to force add, by default, by proxy forwarding request, At the back end it appears that the remote address is the IP of the proxy end. In other words, we use request by default. Header.get ("X-forwarded-for") can not get the user's IP, if we want to get the user's IP through this variable, we need to add the following configuration in Nginx:
Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;
It means to add a $proxy_add_x_forwarded_for to the x-forwarded-for, note that it is added, not overwritten, of course because the default X-forwarded-for value is empty, So we always feel that the value of x-forwarded-for is equal to $proxy_add_x_forwarded_for value, actually when you build two nginx on different IP, and all use this configuration, Then you will find that the request is passed on the Web server side. Header.get ("X-forwarded-for") will get the client IP and the first nginx IP.

Then what is $proxy_add_x_forwarded_for.
The $proxy _add_x_forwarded_for variable contains the "X-forwarded-for" in the client request header, separated from the $remote_addr in two parts.
For example, there is a Web application that passed two Nginx forwards before it, where the user accesses the web through two nginx.
In the first nginx, use
Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;
Now the "x-forwarded-for" portion of the $proxy_add_x_forwarded_for variable is empty, so only the $remote_addr, and the $REMOTE_ADDR value is the user's IP, and then after the assignment, The value of the x-forwarded-for variable is the real IP address of the user.

To the second nginx, use
Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;
Now the $proxy_add_x_forwarded_for variable, x-forwarded-for part contains the user's real IP, $remote the _addr part of the value is the previous Nginx IP address, Then the value of x-forwarded-for after this assignment becomes the "User's real IP, the first nginx IP".

Finally we see that there is also a $http_x_forwarded_for variable, this variable is x-forwarded-for, because before we said that the default of this x-forwarded-for is empty, so when we directly use the proxy_set_ Header x-forwarded-for $http _x_forwarded_for will find that the Web server side uses request. The value obtained by Header.get ("x-forwarded-for") is null. If you want to pass the request. Header.get ("x-forwarded-for") access to User IP, you must first use the Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for; So you can get the user's real IP.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
aws nginx reverse proxy how to create web application in eclipse using tomcat configure nginx as reverse proxy how to develop web application in php application request routing reverse proxy how to make web application in php how to design web application in php

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More