I want to get the final real client IP direct from nginx return, and avoid getting the IP of proxy servers.
The articles I have searched are all something like
server /client-ip {
...
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
...
}
But this format is for applications to get IP from request.
How can it directly return the real client IP when the URL is hit?
like
server /client-ip {
...
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
return "$X-real-ip"
}
But of course, the above format is not working.
How can I modify the above format to get final client's IP directly without getting proxy server's IP?
http {
# …
server {
# …
location /client-ip {
return 200 $remote_addr;
}
}
}
Related
I want to write a health point, which will call an another external endpoint in nginx.
user will call /health/downstream and it is then further going to /ping location.
This ping call will further call an external ping endpoint : https://rest.ensembl.org/info/ping?content-type=application/json
My current code looks like this:
location /health/downstream {
content_by_lua_block {
local res = ngx.location.capture("/ping")
if res then
ngx.header["content-type"] = "application/json"
ngx.send_headers()
ngx.say("status: ", res.status)
ngx.say("body:",res.body )
ngx.exit(ngx.HTTP_OK)
end
}
}
location /ping {
proxy_pass https://rest.ensembl.org/info/ping?content-type=application/json;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
add_header Content-Type text/plain;
}
Problem is currently it is returning the response as :
status: 200
body:LB www6
I don't know why I am getting an encoded response in the body response.
Any thoughts?
I have Flask application deployed in server. and we are using Nginx. nginx setup is as below:
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_read_timeout 25s;
proxy_pass http://127.0.0.1:8000;
add_header X-Cache $upstream_cache_status;
In Flask setup I have done the following :
app = Flask(__name__, static_folder=None)
app.wsgi_app = ProxyFix(app.wsgi_app)
Now, whenever user visits a site, I want a real ip. Currently I am getting
127.0.0.1
I have tried like below:
if request.headers.getlist("X-Forwarded-For"):
ip = request.environ['HTTP_X_FORWARDED_FOR']
else:
ip = request.remote_addr
Could anybody guide me here please.
Use request.access_route
https://github.com/pallets/werkzeug/blob/master/werkzeug/wrappers.py
#cached_property
def access_route(self):
"""If a forwarded header exists this is a list of all ip addresses
from the client ip to the last proxy server.
"""
if 'HTTP_X_FORWARDED_FOR' in self.environ:
addr = self.environ['HTTP_X_FORWARDED_FOR'].split(',')
return self.list_storage_class([x.strip() for x in addr])
elif 'REMOTE_ADDR' in self.environ:
return self.list_storage_class([self.environ['REMOTE_ADDR']])
return self.list_storage_class()
Example Nginx config:
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Protocol https;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_pass http://127.0.0.1:9000;
}
You should just have:
ip = request.access_route[-1]
We am trying to get nexus via nginx reverse proxy working as a private registry for docker images. We are able to perform all the operations such as pull,search and tag but not able to push to nexus registry .
Below is the nginx configuration under location block.
location ~ ^/(v1|v2)/
{
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://box.company.net:5555;
proxy_read_timeout 90;
}
We are able to search and pull images.
But with push we face below error.
x.x.x.x - admin [23/Jun/2017:14:32:34 +0800] "POST /v2/fedora/apache/blobs/uploads/?from=fedora%2Fssh&mount=sha256%3Aacd6cf67daf4cd1fcff55ece5a906a45e1569b81271b80136a1f5fecfa4546ed HTTP/1.1" 404 717 "-" "docker/1.12.6 go/go1.7.4 kernel/3.10.0-514.10.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/1.12.6 \x5C(linux\x5C))"
when we try with proxy _pass url as http://box.company.net:4444, we are able to push but cant pull the images .
Is it possible in nginx to pass two different proxy_pass urls under the same location but for different request methods . Any help would be really great ..Thanks
#sempasha : Thanks for you help . It working for me just with a minor tweak .
Below is the location block added to get it working.
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
if ($request_method !~* GET) {
proxy_pass http://box.company.net:4444;
}
if ($request_method = GET) {
proxy_pass http://box.company.net:5555;
}
proxy_read_timeout 90;
}
You can use if or map directives to select backend port.
Note, that If is Evil, not in you case of course.
location ~ ^/(v1|v2)/
{
set $port 5555;
if ($request_method = POST) {
set $port 4444;
}
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_pass http://box.company.net:$port;
proxy_read_timeout 90;
}
I'm trying to collapse a second brand of a web app into the first brand and use 301 redirects to redirect any lingering traffic. The server is running in a Vagrant box forwarding on port 8001. I would like to have:
Instead of https://local-dev-url:8001/foo/(anything) 301 to https://local-dev-url:8001/(anything)
Instead of https://local-dev-url:8001/adminfoo/(anything) 301 to https://local-dev-url:8001/admin/(anything).
Here's what I have:
location ~ /foo/?(.*)$ {
return 301 $1/;
}
location ~ /adminfoo/?(.*)$ {
return 301 admin/$1/;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Authorization $http_authorization;
proxy_set_header X-Scheme $scheme;
proxy_pass http://127.0.0.1:5000;
proxy_redirect http:// $scheme://;
}
location /admin/ {
alias /hostonly/path/to/admin/stuff/;
}
However, instead of redirecting https://local-dev-url:8001/foo/ to https://local-dev-url:8001/ it is 301ing to https://local-dev-url// instead. (No port number, extra slash.) I've seen answers that hard-code the URL of the redirect, but since I work with a lot of other devs and we all have unique local dev URLs, the only consistent part is the :8001 port number.
Is there a way to configure the 301 to work as desired?
If nginx is not listening on port 8001, it cannot know which port to use in the redirect. You will need to specify it explicitly:
location ~ /foo(.*)$ {
return 301 $scheme://$http_host$1;
}
location ~ /adminfoo(.*)$ {
return 301 $scheme://$http_host/admin$1;
}
The $http_host variable consists of the hostname and port from the original request. See this document for details.
For me, editing the following lines in proxy.conf to look like this, did the trick:
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
I'd like to serve several applications from the same server, reversed-proxied through nginx. I'd like these applications to be available through a single domain name with sub-uris.
e.g.
www.mydomain.com/nodejs
=> caught by nginx listening to port 80 and served through to a node.js app running on port 3001
www.mydomain.com/rails
=> caught by nginx listening to port 80 and served through to a rails app running on port 3002
My first stab is to start with two upstreams:
# /etc/nginx/sites-available/mydomain.com
upstream nodejs {
server 127.0.0.1:3001;
}
upstream rails {
server 127.0.0.1:3002;
}
server {
listen 80 default deferred;
# What do I put here so that
# mydomain.com/nodejs is proxied to the nodejs upstream and
# mydomain.com/rails is proxied to the rails upstream ???
}
Does anyone know this or point me in the right direction?
How about:
upstream nodejs {
server 127.0.0.1:3001;
}
upstream rails {
server 127.0.0.1:3002;
}
server {
listen 80;
location /nodejs {
proxy_pass http://nodejs;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /rails {
proxy_pass http://rails;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
or shortly:
server {
listen 80;
location /nodejs {
proxy_pass http://127.0.0.1:3001;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /rails {
proxy_pass http://127.0.0.1:3002;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
?
Most of the proxy directives are optional (you probably just need proxy_pass and proxy_redirect) but useful.
About the question ,css、js、images files are missed , you can do like this,
if you use express framework。
you need add this code line
app.enable('trust proxy');
this value 'trust proxy' default value is disable.