🏠首页 › 站长杂谈 › 请教公网出入口不同的NAT VPS，Nginx如何获取到真实访客IP

婷姐 发表于 2024-6-9 20:05:37

请教公网出入口不同的NAT VPS，Nginx如何获取到真实访客IP

求大佬们指点，{:3_49:}

买了个鸡仔云，打算穿透家里的小鸡出来做后端。

已经用frp穿透到28000端口，

已知入口IP为：1.2.3.4

通过curl 测试IP得值：4.3.2.1

应该是出入口IP不同？



通过指定hosts访问测试站点，但查看日志，获取到的IP全都是4.3.2.1

如果启用"proxy_protocol"则浏览器无法访问，就注释了。

{:2_32:}




openresty即nginx加功能版，http配置里设置了

    set_real_ip_from 0.0.0.0/0;   real_ip_header X-Forwarded-For;

server配置如下
server {    listen 80 ;   listen 443 ssl http2 ;    # 启用代理协议    #listen 80 proxy_protocol ;   #listen 443 ssl http2 proxy_protocol ;   server_name cq.abc.local;   index index.php index.html index.htm default.php default.htm default.html;   proxy_set_header Host $host;   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;   proxy_set_header X-Forwarded-Host $server_name;   proxy_set_header X-Real-IP $remote_addr;   proxy_http_version 1.1;   proxy_set_header Upgrade $http_upgrade;   proxy_set_header Connection "upgrade";   # 配置用于获取真实客户端IP的头信息    #real_ip_header proxy_protocol;    real_ip_recursive on;    #    access_log /www/sites/cq.abc.local/log/access.log;   error_log /www/sites/cq.abc.local/log/error.log;   location ^~ /.well-known/acme-challenge {      allow all;         root /usr/share/nginx/html;   }    root /www/sites/cq.abc.local/index;   if ($scheme = http) {      return 301 https://$host$request_uri;   }    ssl_certificate /www/sites/cq.abc.local/ssl/fullchain.pem;   ssl_certificate_key /www/sites/cq.abc.local/ssl/privkey.pem;   ssl_protocols TLSv1.3;   ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;   ssl_prefer_server_ciphers on;   ssl_session_cache shared:SSL:10m;   ssl_session_timeout 10m;   add_header Strict-Transport-Security "max-age=31536000";   error_page 497 https://$host$request_uri;   proxy_set_header X-Forwarded-Proto https;   ssl_stapling on;   ssl_stapling_verify on;   include /www/sites/cq.abc.local/proxy/*.conf; }

反代的location如下
location ^~ / {    proxy_pass https://127.0.0.1:28000;   proxy_set_header Host $host;   proxy_set_header X-Real-IP $remote_addr;   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;   proxy_set_header REMOTE-HOST $remote_addr;   proxy_set_header Upgrade $http_upgrade;   proxy_set_header Connection "upgrade";   proxy_set_header X-Forwarded-Proto $scheme;   proxy_http_version 1.1;   add_header X-Cache $upstream_cache_status;   add_header Strict-Transport-Security "max-age=31536000";   add_header Cache-Control no-cache;   # 禁用缓存    proxy_cache off;   # Disable buffering when the nginx proxy gets very resource heavy upon streaming    proxy_buffering off; }https://cdn.jsdelivr.net/gh/master-of-forums/master-of-forums/public/images/patch.gif

拾光 发表于 2024-6-9 20:06:35

dddddddddddd{:3_49:}https://cdn.jsdelivr.net/gh/master-of-forums/master-of-forums/public/images/patch.gif

查看完整版本: 请教公网出入口不同的NAT VPS，Nginx如何获取到真实访客IP