测试服务器上有一个真实的 nginx,docker 运行 php + nginx 项目。
反代理后出现无法获取客户端真实 ip 及 host 的情况,解决如下:
宿主 nginx 配置:
server {
server_name xscenic.*.com;
charset utf-8;
# 后端 api
location ~ /tianshi {
rewrite /tianshi/(.*) /$1 break;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:4000;
}
# 静态资源
location = /ts {
rewrite ^/(.*) /ts/index.html redirect;
}
location = /ts/ {
rewrite ^/(.*) /ts/index.html redirect;
}
location = /ts/3d {
rewrite ^/(.*) /ts/3d/index.html redirect;
}
location = /ts/3d/ {
rewrite ^/(.*) /ts/3d/index.html redirect;
}
location ^~ /ts/ {
proxy_pass http://xscenic-*.com;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Connection keep-alive;
proxy_set_header Keep-Alive 600;
proxy_set_header referer scenic.xxx.com;
keepalive_timeout 600;
}
}
docker nginx 容器中配置:
user nginx;
worker_processes 1;
pid /var/run/nginx.pid;
# error_log /var/log/dnmp/nginx.error.log warn;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# access_log /dev/null;
#access_log /var/log/dnmp/nginx.access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
include /etc/nginx/conf.d/*.conf;
}
添加一个 map 记录反代的 $scheme
反代配置不要忘记 添加 proxy_set_header X-Forwarded-Proto $scheme;
map $http_x_forwarded_proto $fe_https {
default off;
https on;
}
server {
listen 80;
# server_name localhost 0.0.0.0;
root /var/www/html/api/public;
index index.php index.html index.htm;
charset utf-8;
client_max_body_size 100M;
# access_log /dev/null;
# access_log /var/log/dnmp/nginx.site1.access.log main;
# error_log /var/log/dnmp/nginx.site1.error.log warn;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location / {
index index.html index.php;
if (-f $request_filename/index.html){
rewrite (.*) $1/index.html break;
}
if (-f $request_filename/index.php){
rewrite (.*) $1/index.php;
}
if (!-f $request_filename){
rewrite (.*) /index.php;
}
}
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Real-Port $remote_port;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# api doc
location = /apidoc {
set $my_port 4000;
if ($host = 'fanhengyuan1994.vicp.cc'){
set $my_port 13259;
}
rewrite ^/(.*) $scheme://$host:$my_port/apidoc/ redirect;
}
location = /apidoc/ {
try_files $uri $uri/ =404;
}
# deny accessing php files for the /assets directory
location ~ ^/assets/.*\.php$ {
deny all;
}
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
set $realip $remote_addr;
if ($http_x_forwarded_for ~ "^(\d+\.\d+\.\d+\.\d+)") {
set $realip $1;
}
fastcgi_param REMOTE_ADDR $realip;
fastcgi_param HTTPS $fe_https;
}
location ~/.well-know {
allow all;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
