Trouble getting real ip behine Nginx when using wthttpd
Added by Mamadou Babaei about 8 years ago
Hi,
In FastCGI mode using Nginx I can get the real IP of the visitor. But, since I switched to built-in web server I cannot get the real IP while I'm using websockets on wthttpd. It always returns 127.0.0.1.
Nginx configuration:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream BlogSubscriptionService {
server 127.0.0.1:10101;
}
server {
listen 80;
server_tokens off;
server_name subscribe.babaei.net;
charset utf-8;
merge_slashes on;
# even this won't make a difference
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Real-IP;
real_ip_recursive on;
location / {
gzip off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://BlogSubscriptionService;
}
}
The FastCGI configuration that works, can be found here:
https://github.com/NuLL3rr0r/blog-subscription-service
Regards,
Mohammad S. Babaei
Replies (3)
RE: Trouble getting real ip behine Nginx when using wthttpd - Added by Mamadou Babaei about 8 years ago
Oops, I messed up the formatting so I post it again:
http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream BlogSubscriptionService {
server 127.0.0.1:10101;
}
server {
listen 80;
server_tokens off;
server_name subscribe.babaei.net;
#error_log /srv/babaei.net/log/blog-subscription-service_error_log;
#access_log /srv/babaei.net/log/blog-subscription-service_access_log;
charset utf-8;
merge_slashes on;
# even this won't make a difference
#set_real_ip_from 10.0.0.0/8;
#real_ip_header X-Real-IP;
#real_ip_recursive on;
location / {
gzip off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://BlogSubscriptionService;
}
# Error Pages
include /srv/.nginx/conf/error;
}
}
RE: Trouble getting real ip behine Nginx when using wthttpd - Added by Koen Deforche about 8 years ago
You also need to enable true otherwise Wt will not trust these 'X-Forwarded' headers.
RE: Trouble getting real ip behine Nginx when using wthttpd - Added by Mamadou Babaei about 8 years ago
Koen Deforche wrote:
You also need to enable true otherwise Wt will not trust these 'X-Forwarded' headers.
Thank you so much. It did the trick.