• 欢迎访问IT乐园(o゚▽゚)o
  • 推荐使用最新版火狐浏览器和Chrome浏览器访问本网站。

nginx 反向代理 docker 中的 php+nginx 获取真实 ip host

linux fhy 5年前 (2019-01-15) 10613次浏览 0个评论

测试服务器上有一个真实的 nginx,docker 运行 php + nginx 项目。

反代理后出现无法获取客户端真实 ip 及 host 的情况,解决如下:

宿主 nginx 配置:

server {
    server_name xscenic.*.com;
    charset utf-8;
    # 后端 api
    location ~ /tianshi {
        rewrite /tianshi/(.*) /$1 break;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-Port $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme; 
        proxy_pass http://127.0.0.1:4000;
    }
    # 静态资源

    location = /ts {
        rewrite ^/(.*) /ts/index.html redirect;
    }

    location = /ts/ {
        rewrite ^/(.*) /ts/index.html redirect;
    }

    location = /ts/3d {
        rewrite ^/(.*) /ts/3d/index.html redirect;
    }

    location = /ts/3d/ {
        rewrite ^/(.*) /ts/3d/index.html redirect;
    }

    location ^~ /ts/ {
        proxy_pass  http://xscenic-*.com;
        proxy_redirect     off;
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-Port $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Connection keep-alive;
        proxy_set_header Keep-Alive 600;
        proxy_set_header referer scenic.xxx.com;
        keepalive_timeout 600;
    }
}

docker nginx 容器中配置:

user  nginx;
worker_processes  1;

pid        /var/run/nginx.pid;
# error_log  /var/log/dnmp/nginx.error.log warn;

events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    # access_log /dev/null;
    #access_log  /var/log/dnmp/nginx.access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

添加一个 map 记录反代的 $scheme
反代配置不要忘记 添加 proxy_set_header X-Forwarded-Proto $scheme;

map $http_x_forwarded_proto $fe_https {
    default off;
    https on;
}

server {
    listen       80;
    # server_name localhost 0.0.0.0;
    root   /var/www/html/api/public;
    index  index.php index.html index.htm;
    charset utf-8;
    client_max_body_size 100M;
    
    # access_log /dev/null;
    # access_log  /var/log/dnmp/nginx.site1.access.log  main;
    # error_log  /var/log/dnmp/nginx.site1.error.log  warn;
    
    #error_page  404              /404.html;


    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    location / {
        index index.html index.php;
        if (-f $request_filename/index.html){
            rewrite (.*) $1/index.html break;
        }
        if (-f $request_filename/index.php){
            rewrite (.*) $1/index.php;
        }
        if (!-f $request_filename){
            rewrite (.*) /index.php;
        }
    }

    #proxy_set_header X-Real-IP $remote_addr;
    #proxy_set_header X-Real-Port $remote_port;
    #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # api doc
    location = /apidoc {
        set $my_port 4000;
        if ($host = 'fanhengyuan1994.vicp.cc'){
            set $my_port 13259;
        }
        
        rewrite ^/(.*) $scheme://$host:$my_port/apidoc/ redirect;
    }

    location = /apidoc/ {
        try_files $uri $uri/ =404;
    }

    # deny accessing php files for the /assets directory
    location ~ ^/assets/.*\.php$ {
        deny all;
    }

    location ~ \.php$ {
        fastcgi_pass   php:9000;
        fastcgi_index  index.php;
        include        fastcgi_params;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

        set $realip $remote_addr;
        if ($http_x_forwarded_for ~ "^(\d+\.\d+\.\d+\.\d+)") {
            set $realip $1;
        }

        fastcgi_param REMOTE_ADDR $realip;

        fastcgi_param HTTPS $fe_https;
    }

    location ~/.well-know {
        allow all;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny  all;
    }
}

 


IT 乐园 , 版权所有丨如未注明 , 均为原创丨本网站采用BY-NC-SA协议进行授权
转载请注明原文链接:nginx 反向代理 docker 中的 php+nginx 获取真实 ip host
喜欢 (38)
关于作者:
九零后挨踢男
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址