Last update at :2024-05-15,Edit by888u
After the website enables CDN, the visitor IP in the Nginx log will become CDN. You need to use the http_realip_module module to obtain the visitor's real IP through the X_FORWARDED_FOR field in the HTTP header. IP. This article mainly introduces how to obtain the real IP address of the Nginx service after using Tencent Cloud CDN. The following is the specific configuration method.
After the Nginx service uses Alibaba Cloud CDN, the IP address visited by the user is not real. How to obtain the real IP address. Add the following content to the location configuration item in the Nginx service configuration file to obtain the real IP address of the Nginx service.
Check whether http_realip_module is installed
nginx -V 2>&1 | tr ' ' '/n' | grep 'http_realip_module'
If there is output, it means it has been installed. Usually this module is installed as a built-in module.
Create CDN IP list configuration file
Manual creation method
vi /etc/nginx/conf.d/http_realip.conf
The content is as follows.
set_real_ip_from 173.245.48.0/20; ... set_real_ip_from 2400:cb00::/32; real_ip_header X-Forwarded-For; real_ip_recursive on;
Parameter description:
set_real_ip_from: Trusted CDN source IP. If there are multiple, add multiple lines;real_ip_header: Header field name with visitor IP information;real_ip_recursive: Exclude configured CDN IP (that is, other IPs are considered guest IPs);
Edit the /etc/nginx/nginx.conf configuration file and add reference parameters in http{...}.
Note: If Nginx is installed through DNF or YUM, you can skip this step because the Nginx configuration file has set a default reference to /etc/nginx/conf directory.
*.conf files in the .d
include /etc/nginx/conf.d/http_realip.conf;
Afterwards, refresh the Nginx service to take effect.
nginx -s reload
Automatic creation method
To avoid the trouble of manual updates after CDN IP changes, you can use Shell scripts to automatically generate configuration files and set up scheduled updates.
1. Create Shell Script
vi /etc/nginx/conf.d/http_realip.sh
2. Shell script content (CloudFlare version)
#!/usr/bin/env bash echo "# Restoring original visitor IPs" > /etc/nginx/conf.d/http_realip.conf; for i in `curl https://www.cloudflare.com/ips-v4`; do echo "set_real_ip_from $i;" >> /etc/nginx/conf.d/http_realip.conf; done for i in `curl https://www.cloudflare.com/ips-v6`; do echo "set_real_ip_from $i;" >> /etc/nginx/conf.d/http_realip.conf; done echo "real_ip_header X-Forwarded-For;" >> /etc/nginx/conf.d/http_realip.conf; echo "real_ip_recursive on;" >> /etc/nginx/conf.d/http_realip.conf; nginx -s reload
3. Grant executable permissions
chmod +x /etc/nginx/conf.d/http_realip.sh
4. Use the crontab -e command to add a scheduled task, the content is as follows (update will be run at 5:30 am on the 1st of every month)
30 5 1 * * /etc/nginx/conf.d/http_realip.sh 2>&1 > /dev/null
5. Edit the /etc/nginx/nginx.conf configuration file and add reference parameters in http{...}.
Note: If Nginx is installed through DNF or YUM, you can skip this step because the Nginx configuration file has set a default reference to /etc/nginx/conf directory.
*.conf files in the .d
include /etc/nginx/conf.d/http_realip.conf;
6. Manually run the script once to generate the configuration file and refresh the Nginx service to take effect.
/etc/nginx/conf.d/http_realip.sh
Refresh the website to check whether the visitor IP is obtained normally
Refresh the website and check whether the IP in the access log is the guest IP (see the site configuration file for the specific log file path).
tail /var/www/log/example.com.access.log
Recommended site searches: jsp space, same IP site query, Taiwan server, Ministry of Industry and Information Technology filing system, view IP, Korean server rental, IP rental, US free space, Taiwan server, Hong Kong IP,
发表评论