nginx stream module realip 真实 IP

创建日期: 2024-02-27 13:10 | 作者: 风波 | 浏览次数: 19 | 分类: Nginx

来源:https://stackoverflow.com/questions/40873393/nginx-real-client-ip-to-tcp-stream-backend

  1. htps 的监听端和 ssh 的监听端都要打开 proxy_protocol 选项
  2. 在 http/https server 透传 realip ,可以加一行 proxy_protocol。然后增加一行 proxy_set_header X-Real-IP $proxy_protocol_addr;
server {
    listen       2443 ssl proxy_protocol;
    listen       [::]:2443 ssl proxy_protocol;
}

参考配置如下

...
stream {

    upstream ssh {
        server 127.0.0.1:2222;
    }

    upstream https {
        server 127.0.0.1:444;
    }

    map $ssl_preread_protocol $upstream {
        default ssh;
        "TLSv1.2" https;
        "TLSv1.3" https;
        "TLSv1.1" https;
        "TLSv1.0" https;
    }

    server {
        listen 443;
        proxy_pass $upstream;
        proxy_protocol on;
        ssl_preread on;
    }

    server {
        listen 2222 proxy_protocol;
        proxy_pass 192.168.2.76:22;
    }
}

http {
    log_format  main  '$proxy_protocol_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

    ...
    server {
        listen 444 ssl proxy_protocol;
    ... 
    }
}
19 浏览
16 爬虫
0 评论