Getting the real client IP behind an nginx layer-4 proxy

2023-03-05

Along the proxy chain, set proxy_protocol, set_real_ip_from xxx; and real_ip_header proxy_protocol. The value after set_real_ip_from can be a Docker network hostname, a specific IP, or an IP range (0.0.0.0/0, 10.0.0.0/16), and so on.
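The trust decision behind set_real_ip_from and real_ip_header proxy_protocol, as an added Python sketch (a simplified model written for this page, not nginx's code and not from the original post): the address in the PROXY v1 header replaces the TCP peer address only when the peer falls inside the trusted list, so the width of that list decides whose header is believed. All addresses, ports and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (not from the post).
TRUSTED_NARROW = ["10.0.0.0/16"]   # only the proxy's network
TRUSTED_ANY = ["0.0.0.0/0"]        # every IPv4 peer
FROM_PROXY = b"PROXY TCP4 203.0.113.7 10.0.0.5 51234 8443\r\n"
SELF_DECLARED = b"PROXY TCP4 127.0.0.1 10.0.0.5 40000 8443\r\n"


def parse_proxy_v1(line: bytes):
    """Return the source address from a PROXY v1 header, or None for UNKNOWN."""
    if len(line) > 107 or not line.endswith(b"\r\n"):
        raise ValueError("malformed PROXY v1 header")
    parts = line[:-2].decode("ascii").split(" ")
    if len(parts) < 2 or parts[0] != "PROXY":
        raise ValueError("missing PROXY signature")
    if parts[1] == "UNKNOWN":
        return None
    if parts[1] not in ("TCP4", "TCP6") or len(parts) != 6:
        raise ValueError("unsupported family or wrong field count")
    src = ipaddress.ip_address(parts[2])
    ipaddress.ip_address(parts[3])  # destination must parse too
    if not all(0 <= int(p) <= 65535 for p in parts[4:6]):
        raise ValueError("port out of range")
    return str(src)


def effective_client_ip(peer_ip: str, header: bytes, trusted: list) -> str:
    """Use the header's address only when the TCP peer is a trusted proxy."""
    claimed = parse_proxy_v1(header)
    peer = ipaddress.ip_address(peer_ip)
    peer_trusted = any(peer in ipaddress.ip_network(net) for net in trusted)
    return claimed if (claimed and peer_trusted) else peer_ip


if __name__ == "__main__":
    print(effective_client_ip("10.0.0.2", FROM_PROXY, TRUSTED_NARROW))
    print(effective_client_ip("198.51.100.9", SELF_DECLARED, TRUSTED_NARROW))
    print(effective_client_ip("198.51.100.9", SELF_DECLARED, TRUSTED_ANY))
```

With the narrow list, the header from a peer outside 10.0.0.0/16 is ignored and the logged address stays the real peer; with 0.0.0.0/0 the same header is accepted, so access rules and logs keyed on the client address follow whatever the peer declared.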

```shell diff --git a/nginx/conf.d/default.conf.template b/nginx/conf.d/default.conf.template index e710f01..b5e831c 100644 --- a/nginx/conf.d/default.conf.template +++ b/nginx/conf.d/default.conf.template @@ -5,9 +5,12 @@ server { }

server { - listen 8443 ssl; + listen 8443 ssl proxy_protocol; server_name ${MAIN_DOMAIN};

  • set_real_ip_from nginx;
  • real_ip_header proxy_protocol; + client_max_body_size 100m;

    ssl_certificate ${MAIN_CERT_PATH}; diff --git a/nginx/nginx.conf.template b/nginx/nginx.conf.template index b9e7965..a5aeab3 100644 --- a/nginx/nginx.conf.template +++ b/nginx/nginx.conf.template @@ -31,6 +31,7 @@ stream { listen 443 reuseport; proxy_pass $stream_map; ssl_preread on; + proxy_protocol on; } }

@@ -38,6 +39,8 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream;

  • set_real_ip_from nginx;
  • real_ip_header proxy_protocol; log_format main \$remote_addr - $remote_user [$time_local] \"$request\" \ \$status $body_bytes_sent \"$http_referer\" \ \\"$http_user_agent\" \"$http_x_forwarded_for\"\; ```
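Review bot: In default.conf.template, `listen 8443 ssl proxy_protocol;` makes this listener expect a PROXY header on every connection, so any client that reaches 8443 without passing through the stream block will fail before the TLS handshake. Confirm that 8443 is reachable only from the stream proxy. The server-level `set_real_ip_from nginx;` and `real_ip_header proxy_protocol;` also repeat what the same patch adds at http level in nginx.conf.template; if this server block is included under that http block, one copy is enough because the http-level pair is inherited.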
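Review bot: In the stream server of nginx.conf.template, `proxy_protocol on;` applies to every backend that `$stream_map` can select, while the patch adds `proxy_protocol` only to the 8443 listener. Check that every other target of the map also accepts the PROXY header; a backend that does not will receive the header bytes ahead of the TLS ClientHello and reject the connection.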
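Review bot: In the http block of nginx.conf.template, `set_real_ip_from nginx;` trusts a hostname, which nginx resolves when the configuration is loaded, so a change in the container's address is not picked up until a reload. Pinning the Docker network's subnet as a CIDR is more predictable, and the trusted range should stay as narrow as the proxy itself rather than 0.0.0.0/0, because every peer inside it can set the address that `$remote_addr` in `log_format main` records.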