Incorrect IP Address Deducted by Nginx version: nginx/1.2.1

Server NGINX
1

Hi,

 We have strange issue on our swiss based on server.

Issue: Incorrect IP Address value in REMOTE_ADDR Header

           Nginx Version : 1.2.1

          Server OS : Debian 7.1

          Modules :

 nginx -V

nginx version: nginx/1.2.1
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx
–conf-path=/etc/nginx/nginx.conf
–error-log-path=/var/log/nginx/error.log
–http-client-body-temp-path=/var/lib/nginx/body
–http-fastcgi-temp-path=/var/lib/nginx/fastcgi
–http-log-path=/var/log/nginx/access.log
–http-proxy-temp-path=/var/lib/nginx/proxy
–http-scgi-temp-path=/var/lib/nginx/scgi
–http-uwsgi-temp-path=/var/lib/nginx/uwsgi
–lock-path=/var/lock/nginx.lock
–pid-path=/var/run/nginx.pid --with-pcre-jit --with-debug
–with-http_addition_module --with-http_dav_module
–with-http_geoip_module
–with-http_gzip_static_module --with-http_image_filter_module
–with-http_realip_module --with-http_stub_status_module
–with-http_ssl_module --with-http_sub_module --with-http_xslt_module
–with-ipv6 --with-sha1=/usr/include/openssl
–with-md5=/usr/include/openssl
–with-mail --with-mail_ssl_module
–add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-auth-pam
–add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-echo
–add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-upstream-fair
–add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-dav-ext-module

We have IP based security token for our application , the token
created
by nginx+php will be checked in wowza before stream play. Recently lot
of NZ
visitors complained about video not playing , it due to security token
failed between nginx+php vs wowza. here are more information

        1 .  We have installed Apache on same server and deduction

IP
Address as expected.

        2.   Even Nginx access log printing incorrect IP Address ,

so we
feel nothing missed on FastCGI setting

        3.  Based on IPLocation info incorrect IP is gateway

IPAddress

        NGINX $_SERVER


        Array

(
[FCGI_ROLE] => RESPONDER
[SCRIPT_FILENAME] => xxxxxx
[QUERY_STRING] =>
msg=Error%20loading%20stream:%20Could%20not%20connect%20to%20server
[REQUEST_METHOD] => GET
[CONTENT_TYPE] =>
[CONTENT_LENGTH] =>
[SCRIPT_NAME] => /trackfail.php
[REQUEST_URI] =>
/trackfail.php?msg=Error%20loading%20stream:%20Could%20not%20connect%20to%20server
[DOCUMENT_URI] => /trackfail.php
[DOCUMENT_ROOT] => xxxxx
[SERVER_PROTOCOL] => HTTP/1.1
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_SOFTWARE] => nginx/1.2.1
[REMOTE_ADDR] => 210.x5.2x2.93
[REMOTE_PORT] => 60187
[SERVER_ADDR] => xxxxxxx
[SERVER_PORT] => 80
[SERVER_NAME] => xxxxx
[HTTPS] =>
[REDIRECT_STATUS] => 200
[GEOIP_COUNTRY_CODE] => NZ
[GEOIP_COUNTRY_NAME] => New Zealand
[HTTP_HOST] => xxxxxxx
[HTTP_ACCEPT] => /
[HTTP_X_REQUESTED_WITH] => XMLHttpRequest
[HTTP_USER_AGENT] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107
Safari/537.36
[HTTP_REFERER] => xxxxxxxxxxxxxx
[HTTP_ACCEPT_ENCODING] => gzip,deflate,sdch
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8
[HTTP_COOKIE] => zmad=1; 2bfd_unique_user=1; defaults=1
[HTTP_CACHE_CONTROL] => max-stale=0
[HTTP_CONNECTION] => Keep-Alive
[PHP_SELF] => /trackfail.php
)

Apache $_SERVER

      Array

(
[GEOIP_ADDR] => 115.1x8.3x.37
[GEOIP_CONTINENT_CODE] => OC
[GEOIP_COUNTRY_CODE] => NZ
[GEOIP_COUNTRY_NAME] => New Zealand
[HTTP_HOST] => xxxx:8080
[HTTP_CONNECTION] => keep-alive
[HTTP_ACCEPT] => /
[HTTP_USER_AGENT] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107
Safari/537.36
[HTTP_REFERER] => xxxx
[HTTP_ACCEPT_ENCODING] => gzip,deflate,sdch
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8
[HTTP_COOKIE] => zmad=1; 2bfd_unique_user=1; defaults=1
[PATH] => /usr/local/bin:/usr/bin:/bin
[SERVER_SIGNATURE] => Apache/2.2.22 (Debian) Server at
xxxxx
Port 8080

[SERVER_SOFTWARE] => Apache/2.2.22 (Debian)
[SERVER_NAME] => xxxxxx
[SERVER_ADDR] => xxxxx
[SERVER_PORT] => 8080
[REMOTE_ADDR] => 115.1x8.3x.37
[DOCUMENT_ROOT] => xxxxxx
[SERVER_ADMIN] => webmaster@localhost
[SCRIPT_FILENAME] => xxxxxxx
[REMOTE_PORT] => 51777
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] => reqid=662&callback=jsonCallback&_=1392745097470
[REQUEST_URI] =>

/trackfail.php?reqid=662&callback=jsonCallback&_=1392745097470
[SCRIPT_NAME] => /trackfail.php
[PHP_SELF] => /trackfail.php
)

Thanks
Siva

Posted at Nginx Forum:

2

Despite what you are stating, I see a valid NZ IP address in the
'$_SERVER’​ environment variables of the PHP instance running behind
Nginx
(most probably 210.55.x.x prefix).

The Apache remote address is not the right one.

Since you failed to explain your setup, I suppose Nginx proxies traffic
to
Apache.
That would explain the REMOTE_ADDR is the one from the gateway.
Your proxy configuration fails to pass the original visitor IP address
through the HTTP_X_FORWARDED_FOR field.

B. R.

3

Hello,

If your trackfail.php (behind FastCGI) detects IP address based on
$_SERVER[‘REMOTE_ADDR’], you may would like to place additional headers
in your nginx configuration:

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Then pass X-Real-IP as param to FastCGI:

fastcgi_param REMOTE_ADDR $http_x_real_ip;

or direct to change you trackfail.php to detects IP address based on
$_SERVER[‘HTTP_X_REAL_IP’] (after adding additional X-Real-IP header).

4

Hi Bozhidara,

   Thanks for the suggesting . I will try your setting and let you

know
soon.

Thanks
Siva

Posted at Nginx Forum:

5

Hi BR,

      www.whatismyip.com shows 115.1x8.3x.37 , Apache shows

115.1x8.3x.37

      But nginx shows 210.55.x.x

     Server Setup like follows

     Nginx on Port 80 backend FastCGI Php

     Apache on Port 8080

     nginx conf

user www-data;
worker_processes 4;
worker_rlimit_nofile 204800;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
worker_connections 65535;
multi_accept on;
}

http {

#include /etc/nginx/mime.types;

access_log  /var/log/nginx/access.log;
geoip_country /usr/share/GeoIP/GeoIP.dat;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

server_tokens off;

server_names_hash_bucket_size 64;

server_tokens off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

Logging Settings

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

Gzip Settings

gzip on;
gzip_static on;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types text/plain text/css application/json
application/x-javascript text/xml application/xml application/xml+rss
text/javascript application/javascript text/x-js;
gzip_buffers 16 8k;

    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

nginx-naxsi config

Uncomment it if you installed nginx-naxsi

#include /etc/nginx/naxsi_core.rules;

nginx-passenger config

Uncomment it if you installed nginx-passenger

#passenger_root /usr;
#passenger_ruby /usr/bin/ruby;

Virtual Host Configs

include /etc/nginx/conf.d/.conf;
include /etc/nginx/sites-enabled/;
}

Posted at Nginx Forum:

6

REAL IP value not passing

location ~ .php$ {
root /var/www;
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
include fastcgi_params;
}
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param HTTP_X_REAL_IP $http_x_real_ip;
fastcgi_param REMOTE_PORT $remote_port;

<?php print_r($_SERVER); ?>

response

Array ( [USER] => www-data [HOME] => /var/www [FCGI_ROLE] => RESPONDER
[SCRIPT_FILENAME] => /var/www/test.php [QUERY_STRING] =>
[REQUEST_METHOD] =>
GET [CONTENT_TYPE] => [CONTENT_LENGTH] => [SCRIPT_NAME] => /test.php
[REQUEST_URI] => /test.php [DOCUMENT_URI] => /test.php [DOCUMENT_ROOT]
=>
/var/www [SERVER_PROTOCOL] => HTTP/1.1 [GATEWAY_INTERFACE] => CGI/1.1
[SERVER_SOFTWARE] => nginx/1.2.1 [REMOTE_ADDR] => 122.1xx.xx.227
[HTTP_X_REAL_IP] => [REMOTE_PORT] => 17467 [SERVER_ADDR] => xxxx
[SERVER_PORT] => 80 [SERVER_NAME] =>xxxx [HTTPS] => [REDIRECT_STATUS] =>
200
[GEOIP_COUNTRY_CODE] => IN [GEOIP_COUNTRY_NAME] => India [HTTP_HOST] =>
xxxx
[HTTP_CONNECTION] => keep-alive [HTTP_CACHE_CONTROL] => max-age=0
[HTTP_ACCEPT] =>
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.3; WOW64)
AppleWebKit/537.36
(KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36
[HTTP_ACCEPT_ENCODING] => gzip,deflate,sdch [HTTP_ACCEPT_LANGUAGE] =>
en-GB,en-US;q=0.8,en;q=0.6 [PHP_SELF] => /test.php [REQUEST_TIME_FLOAT]
=>
1392830171.8188 [REQUEST_TIME] => 1392830171 )

Thanks

Posted at Nginx Forum:

7

I am tempted to copy an URL recently provided by Maxim in another
thread:
How To Ask Questions The Smart Way

B. R.

8

Hello,

Your FastCGI params are wrong.

It should be as I wrote previously:
fastcgi_param REMOTE_ADDR $http_x_real_ip;

In your fastcgi_params file
remove:
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param HTTP_X_REAL_IP $http_x_real_ip;

and add on their place only:
fastcgi_param REMOTE_ADDR $http_x_real_ip;

Also you may place proxy_set_headers outside location, for example in
server section

server
{
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
some other …

 location ...{
 ...
 include fastcgi_params;
 }

}

9

Hi BR,

  I am really sorry , if you feel not good the way of I am asking.

  Since I am not a English person nature , perhaps I am lagging in

this
part

Sorry

Thanks
Siva

Posted at Nginx Forum:

10

We are professional Ring Die manufacturers and factory.We can produce
high
quality Pellet Die according to your requirements.More types of Pellet
Mill
Die wanted,please contact us right now

Posted at Nginx Forum: