How to obtain the user IP address on the second layer Nginx of a two-tier server

Source: Internet
Author: User
This article explains how to obtain the user IP address on the second-layer Nginx of a two-tier server.

I. I encountered a problem when configuring an nginx server. In the past, the server used a function to limit the maximum number of concurrent connections per client. This function was implemented on the server with the variable

$remote_addr

That configuration worked. However, after a front-end layer (load balancer, CDN, firewall, or security service) is added, the client IP address obtained becomes the IP address of the front-end server instead of the real user IP address.

II. In this case, I read through the official nginx website several more times and found another important variable:

$proxy_add_x_forwarded_for

This variable holds the value of the X-Forwarded-For field in the client's request. If the request does not contain this field, the variable is equivalent to the $remote_addr variable. The front-end server saves the client's real IP address in a field of the HTTP request, usually the X-Forwarded-For field discussed here, so with this variable we can read it and implement various functions.

III. Let me give a simple demonstration. It has many shortcomings; corrections are welcome.

First, build the Nginx environment. Here we use 1.7.9, the latest version of the 1.7 series, as an example. (For more information about versions, see FAQ 1.)

Download address for wget: http://nginx.org/download/nginx-1.7.9.tar.gz

1. Download Nginx

[Lugt@localhost mysql]$ wget http://nginx.org/download/nginx-1.7.9.tar.gz

2. Extract

[Lugt@localhost mysql]$ tar zxvf nginx-1.7.9.tar.gz

3. Compile directly (decide whether OpenSSL and other modules are required)

[Lugt@localhost mysql]$ cd nginx-1.7.9
[Lugt@localhost nginx-1.7.9]$ ./configure
[Lugt@localhost nginx-1.7.9]$ make
[Lugt@localhost nginx-1.7.9]$ su
[Lugt@localhost nginx-1.7.9]$ make install

4. Modify the nginx.conf configuration file

[Lugt@localhost nginx-1.7.9]$ su
[Lugt@localhost nginx-1.7.9]$ cd /usr/local/nginx
[Lugt@localhost nginx]$ vi conf/nginx.conf

In nginx.conf, add the following to set up load balancing that simulates a CDN:

    upstream dnsnginx1 {
        server [*.*.*.*/yourhostname]:8080 weight=10000;  # fill in IP address or domain name
    }

    server {
        listen 80;
        server_name [hostname];  # fill in IP address or domain name
        # access_log logs/host.access.log main;

        location / {
            proxy_pass http://dnsnginx1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr;
            proxy_redirect default;
        }
    }

Set up a virtual server on port 8080:

    limit_conn_zone $proxy_add_x_forwarded_for zone=addr:10m;  # shared zone for connection state, 10 MB

    server {
        listen 8080;
        server_name [*.*.*.*/yourhostname];  # fill in the IP address or domain name
        limit_conn addr 1;  # limit each client to at most 1 concurrent connection

        location / {
            root html;
            index index.html index.htm;
        }
    }

Save the file, then test the configuration file syntax.

[Lugt@localhost nginx]$ ./sbin/nginx -t

Start the server

[Lugt@localhost nginx]$ ./sbin/nginx

5. Use the ab tool to view the effect.

[Lugt@localhost nginx]$ ab -c 10 -n 100 -v 4 http://127.0.0.1/ | grep HTTP/1.1

This accesses the address with the ab test tool. The number of concurrent connections is 30, and the total number of tests is 300. The HTTP status line of each response is displayed.

The ab tool sends the chosen number of concurrent connections at the same time, and only as many requests as the maximum number of concurrent connections configured in nginx return successfully. This shows that the per-IP restriction works. For reference output, see FAQ 2.
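An added example, not part of the original article: a Python model of the limit_conn key that the port 8080 server computes with the configuration above, compared with resolving the client right to left through trusted proxies (the approach nginx's realip module takes with real_ip_recursive on). All addresses and header values are constructed, and the function names are hypothetical.

```python
import ipaddress

FRONT_IP = "192.0.2.10"     # constructed: address of the front (port 80) tier
CLIENT_IP = "203.0.113.7"   # constructed: real TCP peer seen by the front tier

def proxy_add_x_forwarded_for(xff, remote_addr):
    """nginx semantics: the incoming X-Forwarded-For with $remote_addr appended,
    comma-separated; only $remote_addr when the header is absent."""
    return f"{xff}, {remote_addr}" if xff else remote_addr

def key_as_configured(client_xff, client_ip=CLIENT_IP, front_ip=FRONT_IP):
    """limit_conn_zone key evaluated on port 8080 with the configuration above."""
    forwarded = proxy_add_x_forwarded_for(client_xff, client_ip)  # set by tier 1
    return proxy_add_x_forwarded_for(forwarded, front_ip)         # re-evaluated by tier 2

def client_from_trusted_chain(xff, remote_addr, trusted_nets):
    """Resolve the client by walking the chain right to left and accepting an
    entry only while the hop that reported it is a trusted proxy."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    candidate = remote_addr  # the TCP peer is the only hop that cannot be forged
    for hop in reversed(hops):
        if not any(ipaddress.ip_address(candidate) in n for n in nets):
            break            # candidate is not one of our proxies: stop here
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break            # malformed entry: keep the last verified address
        candidate = hop
    return candidate

def compare(client_headers, trusted_nets=(FRONT_IP + "/32",)):
    """Return (keys under the page's config, keys after trusted-chain resolution)
    for several requests that all come from CLIENT_IP."""
    configured, resolved = set(), set()
    for xff in client_headers:
        configured.add(key_as_configured(xff))
        at_tier2 = proxy_add_x_forwarded_for(xff, CLIENT_IP)  # header tier 2 receives
        resolved.add(client_from_trusted_chain(at_tier2, FRONT_IP, trusted_nets))
    return configured, resolved

if __name__ == "__main__":
    # constructed X-Forwarded-For values sent by one client (None = header absent)
    configured, resolved = compare([None, "198.51.100.99", "not-an-ip"])
    print(sorted(configured))
    print(sorted(resolved))
```

The configured key is the whole forwarded chain, so requests from one client that differ only in the X-Forwarded-For header they send are counted under separate limit_conn keys. Keying on the address resolved from trusted hops (with the realip module: set_real_ip_from, real_ip_header and real_ip_recursive, then $binary_remote_addr as the zone key) keeps one counter per client.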

FAQ 1

If your Nginx version is older than 1.7.1, nginx may not support this function.

In this case, you need to get the X-Forwarded-For value from the request by adding a piece of code to the limit_conn_handler function.

Take version 1.6.1 as an example. Add the following code in src/http/modules/ngx_http_limit_conn.c, at line 184:

    hash = ngx_crc32_short(key.data, key.len);

    /* lines to add after the existing hash computation */
    if ("" == &ctx->key) {
        if (NULL != r->main->headers_in->x_forwarded_for->elts) {
            key.data = *(char *) r->main->headers_in->x_forwarded_for->elts;
            key.len = 4;
            hash = ngx_crc32_short(key.data, key.len);
        }
    }

FAQ 2 Reference data

Here is some reference output:

[Lugt@localhost ~]$ ab -c 10 -n 100 -v 4 http://127.0.0.1/ | grep HTTP/1.1

HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 200 OK
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 200 OK

<... the above repeats eight times>

English Version

How to retrieve the true IP of the client user if there are two layers of servers

A few days ago we faced a difficulty: we could not use the variable $remote_addr to gather the clients' IP addresses. This problem surfaces when a proxy server, in our case a CDN, sits between the true server and the client, and it breaks our function for limiting the maximum number of connections a client can make to a server at a time. The same situation arises if a load balancer or any anti-spam service is in use. That is why we can no longer use the $remote_addr variable.

After I did some research on the documentation and the code, I found that this problem can be solved by replacing the

$remote_addr

variable with the

$proxy_add_x_forwarded_for

variable. As this variable allows retrieving the data from the X-Forwarded-For field of the request, we can use it in different ways.

And now I shall give an easy example of using this method in practice.

First of all, build an Nginx server.

Here I will use version 1.7.9 (the latest at the time of writing) as an example; there are some differences in versions older than 1.7.1 (see FAQ 1).

1. Download a copy of Nginx:

[Lugt@localhost mysql]$ wget http://nginx.org/download/nginx-1.7.9.tar.gz

2. Decompress the file

[Lugt@localhost mysql]$ tar zxvf nginx-1.7.9.tar.gz

3. Compile the code

[Lugt@localhost mysql]$ cd nginx-1.7.9
[Lugt@localhost nginx-1.7.9]$ ./configure
[Lugt@localhost nginx-1.7.9]$ make
[Lugt@localhost nginx-1.7.9]$ su
[Lugt@localhost nginx-1.7.9]$ make install

4. Edit the config file nginx.conf

[Lugt@localhost nginx-1.7.9]$ su
[Lugt@localhost nginx-1.7.9]$ cd /usr/local/nginx
[Lugt@localhost nginx]$ vi conf/nginx.conf

There, add the following directives for server 1, which emulates a CDN server:

    upstream dnsnginx1 {
        server [*.*.*.*/yourhostname]:8080 weight=1000;  # fill in your ip/hostname
    }

    server {
        listen       80;
        server_name  [hostname];  # fill in your ip/hostname here
        # access_log  logs/host.access.log  main;

        location / {
            proxy_pass          http://dnsnginx1;
            proxy_set_header    Host             $host;
            proxy_set_header    X-Real-IP        $remote_addr;
            proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header    HTTP_X_FORWARDED_FOR $remote_addr;
            proxy_redirect      default;
        }
    }

After the end of that server block, still inside the http block, add the following for server 2:

    limit_conn_zone $proxy_add_x_forwarded_for zone=addr:10m;  # sample setting

    server {
        listen       8080;
        server_name  [*.*.*.*/hostname];  # fill in ip/hostname here
        limit_conn addr 1;  # limit connections per IP at a time to 1

        location / {
            root   html;
            index  index.html index.htm;
        }
    }

Then you can save, test the config file, and run nginx.

Test your config file:

[Lugt@localhost nginx]$ ./sbin/nginx -t

Start the nginx server

[Lugt@localhost nginx]$ ./sbin/nginx

Now the server has been set up and you can run a test right away.

/* This command runs a tool that connects to the server with 10 connections at once and 10 connections in total */

[Lugt@localhost ~]$ ab -c 10 -n 100 -v 4 http://127.0.0.1/ | grep HTTP/1.1

FAQ 1

There are actually some small malfunctions when using versions older than 1.7.1 (probably the new version has this as a new feature). So to use this directive in earlier versions, some code needs to be added.

As an example, in version 1.6.1, in the file src/http/modules/ngx_http_limit_conn.c, around line 184:

    hash = ngx_crc32_short(key.data, key.len);

    /* lines to add after the existing hash computation */
    if ("" == &ctx->key) {
        if (NULL != r->main->headers_in->x_forwarded_for->elts) {
            key.data = *(char *) r->main->headers_in->x_forwarded_for->elts;
            key.len = 4;
            hash = ngx_crc32_short(key.data, key.len);
        }
    }

FAQ 2 Testing Results

[Lugt@localhost ~]$ ab -c 10 -n 100 -v 4 http://127.0.0.1/ | grep HTTP/1.1

HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 200 OK
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 503 Service Temporarily Unavailable
HTTP/1.1 200 OK

<... Repeated as 8 times of HTTP/503 and 1 time of HTTP/200 and so on>
