转发 IP 地址 - NGINX 和 IIS
我们有一个正在运行的 NGINX,将外部用户重定向到我们的 IIS 服务器。问题是IIS看到的IP是NGINX机器,而不是外部用户的IP。我们的日志充满了“10.0.0.2”IP,这是不正确的。
显示了类似的配置文件。我们已经包含了“proxy_set_header”行。
这个配置文件正确吗? IIS 服务器应该做什么?我们应该在 web.config 文件中包含一些主题吗?如果是这样的话,我们应该补充什么呢?
server {
listen 10.0.0.2:443 ssl;
server_name web.mydomain.com;
ssl_certificate /home/admin/conf/web/ssl.web.mydomain.com.pem;
ssl_certificate_key /home/admin/conf/web/ssl.web.mydomain.com.key;
error_log /var/log/apache2/domains/web.mydomain.com.error.log error;
location / {
proxy_set_header x-real-IP Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_pass https://10.0.0.11;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf)$ {
root /home/admin/web/web.mydomain.com/public_html;
access_log /var/log/apache2/domains/web.mydomain.com.log combined;
access_log /var/log/apache2/domains/web.mydomain.com.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
location /error/ {
alias /home/admin/web/web.mydomain.com/document_errors/;
}
location @fallback {
proxy_pass https://10.0.0.11;
}
location ~ /\.ht {return 404;}
location ~ /\.svn/ {return 404;}
location ~ /\.git/ {return 404;}
location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;}
include /home/admin/conf/web/snginx.web.mydomain.com.conf*;
}
We have a working NGINX redirecting our external users to our IIS server. The problem is that the IP seen by the IIS is the NGINX machine, not the IP from external users. Our logs are full of "10.0.0.2" IPs which is incorrect.
A similar configuration file is shown. We already included "proxy_set_header" lines.
Is this config file correct? What should be done at IIS server? Should we just include some topics at web.config file? If this is the case, what should we add?
server {
listen 10.0.0.2:443 ssl;
server_name web.mydomain.com;
ssl_certificate /home/admin/conf/web/ssl.web.mydomain.com.pem;
ssl_certificate_key /home/admin/conf/web/ssl.web.mydomain.com.key;
error_log /var/log/apache2/domains/web.mydomain.com.error.log error;
location / {
proxy_set_header x-real-IP Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_pass https://10.0.0.11;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf)$ {
root /home/admin/web/web.mydomain.com/public_html;
access_log /var/log/apache2/domains/web.mydomain.com.log combined;
access_log /var/log/apache2/domains/web.mydomain.com.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
location /error/ {
alias /home/admin/web/web.mydomain.com/document_errors/;
}
location @fallback {
proxy_pass https://10.0.0.11;
}
location ~ /\.ht {return 404;}
location ~ /\.svn/ {return 404;}
location ~ /\.git/ {return 404;}
location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;}
include /home/admin/conf/web/snginx.web.mydomain.com.conf*;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您可以使用 IIS 增强日志记录来编写自定义标头(例如
X-Forwarded-For)来记录文件,https://learn.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/logfile/customfields/add
无法更改源 IP 字段,因为事实上,这就是 TCP/HTTP 数据包中记录的 IP 地址。
You can use IIS enhanced logging to write custom headers like
X-Forwarded-Forto log files,https://learn.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/logfile/customfields/add
There is no way to change the source IP field, because indeed that's IP address recorded in the TCP/HTTP packets.
起初我以为这与 IIS/NGINX 有关,但在 @lex-li 和 @bruce-zhang 回复后我对此进行了更多研究。
我实际上不知道,但在我们的应用程序(在 IIS 上运行)中,有这些标头的侦听器,并且这些侦听器没有正确实现。
所以这只是我们的应用程序和 NGINX 之间的不一致。
感谢@lex-li 和@bruce-zhang
At first I though this would be something related to IIS/NGINX, but after @lex-li and @bruce-zhang repplies I researched more about it.
I actually did not know but inside our application (running at IIS) there are listeners to those headers, and those listeners were not properly implemented.
So it was just a misalignment between our application and NGINX.
Thanks both @lex-li and @bruce-zhang