Nginx proxy to Nginx and IP forward

Nginx proxy to Nginx and IP forward

ShamliShamli Member
edited July 2012 in General

Hi all.

I've set up an nginx proxy to proxy another server which is also an nginx. Reason for me doing this is to avoid DDOS and by using proxy server with high bandwidth.

The problem is,after reading up all I can find through Google,seems I cant get the real IP to the backend nginx server. It keeps on giving me the IP of the proxy server.

Below are my nginx config on both. Hope someone can help me fix it.

Front server(nginx proxying request) Vhost config Nginx config

backend server(Nginx+PHP-FPM+MySQL) Vhost config

AhmadShamli
Get Free 25GB backup storage here https://copy.com?r=YAYUHD

Comments

  • namename Member

    You can put all IP in X-Real-IP or X-Forwarded-For chain, and let your php script filter all proxy IP address IMO.

    I'm a stupid cat, don't blame me.

  • ShamliShamli Member

    Yeah...have thought of that.. but there are two of what I want to achieve... 1-have it logged correct IP in log file 2-filter out those coming from blaclisted IP/Country by PHP

    AhmadShamli
    Get Free 25GB backup storage here https://copy.com?r=YAYUHD
  • NickMNickM Member

    You need to set "set_real_ip_from your.proxy.server.IP" in your vhost config file. You should also set real_ip_header to X-Real-IP

    Lead Developer - HostGuard Control Panel

  • ShamliShamli Member

    @NickM Thanks...that works...I dont see anywhere that say I need to set "set_real_ip_from your.proxy.server.IP" in my backend vhost config file.... Maybe I missed them...=)

    AhmadShamli
    Get Free 25GB backup storage here https://copy.com?r=YAYUHD
  • NickMNickM Member

    Yeah, it seems that the docs don't mention that it's required. But, it does make sense to require it, since it's basically a list of IP addresses that you trust to send the correct IP. It wouldn't be a good idea to default to trusting all IPs.

    Lead Developer - HostGuard Control Panel

  • ShamliShamli Member

    right...seems my problems now solved...I'm able to get the real ip on my log and also on my PHP script...

    Thanks..=)

    AhmadShamli
    Get Free 25GB backup storage here https://copy.com?r=YAYUHD
  • With the country blocking, if it's the same rules for the whole vps why not block via Nginx GeoIP? (On the proxy server)

    http://wiki.nginx.org/HttpGeoipModule

  • ShamliShamli Member

    Perhaps by using WIPMania,I could offload the stress on my server...

    WIPMania

    AhmadShamli
    Get Free 25GB backup storage here https://copy.com?r=YAYUHD
  • telephonetelephone Member
    edited July 2012

    @Shamli said: Perhaps by using WIPMania,I could offload the stress on my server...

    Nope. That's using an external call every lookup (very taxing!).

    You're best bet to offload stress is to run the Geo checking at the lowest level possible. If you still want to use PHP, then use the C API (not pure PHP). You can easily install it via PECL. But if you're just blocking/redirecting countries, you're best bet is to run it via Nginx. That way a PHP thread won't need to be spawned for blocking.

    Also if you're only looking up countries, make sure to use the country database from Maxmind (not the city database). It's a lot smaller and will read a lot quicker:

    http://www.maxmind.com/app/benchmark

  • ShamliShamli Member

    @telephone installed Maxmind Geoip on proxy server and now it's running as intended.. done the rule on nginx config file... Thanks for ur suggestion...

    AhmadShamli
    Get Free 25GB backup storage here https://copy.com?r=YAYUHD
    Thanked by 1telephone
Sign In or Register to comment.