Project

General

Profile

Forums » Help »

Trouble getting real ip behine Nginx when using wthttpd

Added by Mamadou Babaei about 8 years ago

Hi,

In FastCGI mode using Nginx I can get the real IP of the visitor. But, since I switched to built-in web server I cannot get the real IP while I'm using websockets on wthttpd. It always returns 127.0.0.1.

Nginx configuration:

map $http_upgrade $connection_upgrade {

default upgrade;

'' close;

}

upstream BlogSubscriptionService {

server 127.0.0.1:10101;

}

server {

listen 80;

server_tokens off;

server_name subscribe.babaei.net;

charset utf-8;

merge_slashes on;

# even this won't make a difference

set_real_ip_from 0.0.0.0/0;

real_ip_header X-Real-IP;

real_ip_recursive on;

location / {

gzip off;

proxy_read_timeout 300;

proxy_connect_timeout 300;

proxy_redirect off;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection $connection_upgrade;

proxy_set_header Host $http_host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-Ssl on;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Frame-Options SAMEORIGIN;

proxy_pass http://BlogSubscriptionService;

}

}

The FastCGI configuration that works, can be found here:

https://github.com/NuLL3rr0r/blog-subscription-service

Regards,

Mohammad S. Babaei


Replies (3)

RE: Trouble getting real ip behine Nginx when using wthttpd - Added by Mamadou Babaei about 8 years ago

Oops, I messed up the formatting so I post it again:

http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    upstream BlogSubscriptionService {
        server 127.0.0.1:10101;
    }

    server {
        listen        80;
        server_tokens off;
        server_name   subscribe.babaei.net;

        #error_log     /srv/babaei.net/log/blog-subscription-service_error_log;
        #access_log    /srv/babaei.net/log/blog-subscription-service_access_log;

        charset utf-8;
        merge_slashes on;

        # even this won't make a difference
        #set_real_ip_from 10.0.0.0/8;
        #real_ip_header X-Real-IP;
        #real_ip_recursive on;

        location / {
            gzip off;

            proxy_read_timeout 300;
            proxy_connect_timeout 300;
            proxy_redirect off;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Ssl on;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Frame-Options SAMEORIGIN;

            proxy_pass http://BlogSubscriptionService;
        }

        # Error Pages
        include        /srv/.nginx/conf/error;
    }
}

RE: Trouble getting real ip behine Nginx when using wthttpd - Added by Koen Deforche about 8 years ago

You also need to enable true otherwise Wt will not trust these 'X-Forwarded' headers.

RE: Trouble getting real ip behine Nginx when using wthttpd - Added by Mamadou Babaei about 8 years ago

Koen Deforche wrote:

You also need to enable true otherwise Wt will not trust these 'X-Forwarded' headers.

Thank you so much. It did the trick.

    (1-3/3)