Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Categories
Nginx proxy to Nginx and IP forward
Hi all.
I've set up an nginx proxy to proxy another server which is also an nginx. Reason for me doing this is to avoid DDOS and by using proxy server with high bandwidth.
The problem is,after reading up all I can find through Google,seems I cant get the real IP to the backend nginx server. It keeps on giving me the IP of the proxy server.
Below are my nginx config on both. Hope someone can help me fix it.
Front server(nginx proxying request) Vhost config Nginx config
backend server(Nginx+PHP-FPM+MySQL) Vhost config
AhmadShamli Get Free 25GB backup storage here [b]https://copy.com?r=YAYUHD[/b]
Tagged:
- 2008- © LowEndBox. Powered by Vanilla. All date/time in UTC.
- Follow @LowEndNetwork
Comments
You can put all IP in X-Real-IP or X-Forwarded-For chain, and let your php script filter all proxy IP address IMO.
I'm a stupid cat, don't blame me.
- Spam
- Abuse
- Troll
0 • Disagree Agree ThanksYeah...have thought of that.. but there are two of what I want to achieve... 1-have it logged correct IP in log file 2-filter out those coming from blaclisted IP/Country by PHP
AhmadShamli Get Free 25GB backup storage here [b]https://copy.com?r=YAYUHD[/b]
- Spam
- Abuse
- Troll
0 • Disagree Agree ThanksYou need to set "set_real_ip_from your.proxy.server.IP" in your vhost config file. You should also set real_ip_header to X-Real-IP
Unless otherwise specified, opinions posted are my own, not those of any person or company I work for
- Spam
- Abuse
- Troll
0 • Disagree Agree Thanks@NickM Thanks...that works...I dont see anywhere that say I need to set "set_real_ip_from your.proxy.server.IP" in my backend vhost config file.... Maybe I missed them...=)
AhmadShamli Get Free 25GB backup storage here [b]https://copy.com?r=YAYUHD[/b]
- Spam
- Abuse
- Troll
0 • Disagree Agree ThanksYeah, it seems that the docs don't mention that it's required. But, it does make sense to require it, since it's basically a list of IP addresses that you trust to send the correct IP. It wouldn't be a good idea to default to trusting all IPs.
Unless otherwise specified, opinions posted are my own, not those of any person or company I work for
- Spam
- Abuse
- Troll
0 • Disagree Agree Thanksright...seems my problems now solved...I'm able to get the real ip on my log and also on my PHP script...
Thanks..=)
AhmadShamli Get Free 25GB backup storage here [b]https://copy.com?r=YAYUHD[/b]
- Spam
- Abuse
- Troll
0 • Disagree Agree ThanksWith the country blocking, if it's the same rules for the whole vps why not block via Nginx GeoIP? (On the proxy server)
http://wiki.nginx.org/HttpGeoipModule
PHP Looking Glass
- Spam
- Abuse
- Troll
0 • Disagree Agree ThanksPerhaps by using WIPMania,I could offload the stress on my server...
WIPMania
AhmadShamli Get Free 25GB backup storage here [b]https://copy.com?r=YAYUHD[/b]
- Spam
- Abuse
- Troll
0 • Disagree Agree ThanksNope. That's using an external call every lookup (very taxing!).
You're best bet to offload stress is to run the Geo checking at the lowest level possible. If you still want to use PHP, then use the C API (not pure PHP). You can easily install it via PECL. But if you're just blocking/redirecting countries, you're best bet is to run it via Nginx. That way a PHP thread won't need to be spawned for blocking.
Also if you're only looking up countries, make sure to use the country database from Maxmind (not the city database). It's a lot smaller and will read a lot quicker:
http://www.maxmind.com/app/benchmark
PHP Looking Glass
- Spam
- Abuse
- Troll
0 • Disagree Agree Thanks@telephone installed Maxmind Geoip on proxy server and now it's running as intended.. done the rule on nginx config file... Thanks for ur suggestion...
AhmadShamli Get Free 25GB backup storage here [b]https://copy.com?r=YAYUHD[/b]
- Spam
- Abuse
- Troll
0 • Disagree Agree Thanks