I’m sure this has been asked before, but I could not find an answer.I’m
using nginx-0.7.66.I have 6 webservers running Apache, tomcat, IIS on
it. We are using ip base access for some directories and files on our
servers.But when we use nginx as a load balancer, these rules (ip based
access on apache,tomcat and IIS) are not working , because of our
servers are seeing Nginx’s ip address as client ip address.
Does anybody know how I can pass client’s ip addresses directly through
our servers on Nginx?
here is our sample nginx.conf
#########################
#user nobody;
worker_processes 16;
error_log logs/error.log;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
upstream webserver_a {
ip_hash;
server 192.168.100.4:80;
server 192.168.100.5:80;
}
server {
listen *:80;
server_name our.domain.com;
access_log logs/webserver_a.access.log;
Thank you for your answers but it did not help me. Because I m using
IIS, tomcat and Apache and I need to resolve for all http server.
When I try to show client’s ip on server , I can see by like this jsp
code " out.print(request.getHeader(“X-Real-IP”));"
but ip based access rules on apache,tomcat and IIS are not
working.Actually I need to not change client’s ip. could ngnix work
transparent mode ?
You will also need either an old linux kernel (2.2 which can spoof the
client ips to backends) or afaik since 2.6.28 the tproxy support comes
with
the kernel (older ones you would need to patch ( One Identity | Unified Identity Security ) ).
Using the header method allows you to skip the need of doing all that.
Regarding apache read my previous mail - about mod_realip2 ( it can make
the
webserver to see the request incomming from clients rather than proxy ip
).
While of course nginx could maybe do this also on its own I don’t
really
see this happening as in nginx + ( nginx / apache / lighty etc )
combinations the realip modules of each webserver accomplish the task
pretty
fine in more simple and controllable way. There might be even an easy
solution for IIS to do the same… but as I havent touched it for 10
years
can’t help there
rr
From: “ahlatci” [email protected]
Sent: Friday, June 11, 2010 8:36 PM
To: [email protected]
Subject: Re: ip based access behind nginx load balancer
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.