Nginx 从阿里云SLB转发流量中获取真实IP

扩展之前写的Nginx负载配置。

当服务器身处于阿里云SLB负载之后，若从其中获取真实IP，需要重新编译下Nginx，并修改下配置即可。

编译安装

[root@node1 ~]# wget http://nginx.org/download/nginx-1.10.0.tar.gz
[root@node1 ~]# tar zxf nginx-1.10.0.tar.gz -C /usr/local/src/
[root@node1 ~]# cd /usr/local/src/nginx-1.10.0/
[root@node1 nginx-1.10.0]# groupadd -g 222 www
[root@node1 nginx-1.10.0]# useradd -g www -u 222 -s /sbin/nologin -M www
[root@node1 nginx-1.10.0]# yum install -y gcc pcre-devel openssl-devel
[root@node1 nginx-1.10.0]# ./configure --prefix=/data/nginx --user=www --group=www --with-threads --with-http_realip_module --with-http_ssl_module --with-stream --with-stream_ssl_module
[root@node1 nginx-1.10.0]# make -j `cat /proc/cpuinfo | grep processor | wc -l`;make install

主要多添加了个–with-http_realip_module模块。

之后主配置文件中添加从阿里负载IP中的X-Forwarded-For变量中提取真实IP：

[root@node1 nginx]# vim conf/nginx.conf

# Nginx Main Configure.
user  www;
worker_processes  4;
 
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
 
#pid        logs/nginx.pid;
 
 
events {
    worker_connections  1024;
}
 
 
http {
    include       mime.types;
    default_type  application/octet-stream;
 
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
 
    #access_log  logs/access.log  main;
    server_tokens  off;
    client_max_body_size 30m;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    gzip  on;
    gzip_min_length 1024;
    gzip_buffers 4 128k;
    gzip_http_version 1.0;
    gzip_comp_level 6;
    gzip_proxied any;
    gzip_types text/plain  text/javascript application/x-javascript text/css  text/xml image/jpg  application/xml  image/jpeg image/gif im
age/png;
    gzip_vary on;
    gzip_disable        "Dalvik\.";
 
    set_real_ip_from 100.97.0.0/16;
    real_ip_header X-Forwarded-For;

include vhosts/*.conf;
 
}

set_real_ip_from设置从此IP中获取真实IP，real_ip_header告诉Nginx从包头哪个变量中提取真实IP。

其提取出来之后，真实IP就自动写入到$remote_addr中。