Nginx on a box with 2 network cards


#1

Quick question: on a box with 2 network cards, how do I make nginx use
only one of those cards (e.g., eth0 and not eth1)?

(sorry if you are getting this twice, the first time didn’t seem to go
through)


#2

i would think you just tell it listen a.b.c.d:80; etc and have
whatever you want be listening on whatever ips each one is bound to…

On Mon, Feb 23, 2009 at 4:02 PM, Mohammad K.


#3

My nginx is getting requests through a (NetScaler) load balancer, and
$remote_addr is returning the load balancer’s IP and not the real user’s
IP (which the load balancer sets as REMOTE_ADDR in the header). Any
other attribute I should use to get the real user’s IP?

-M


#4

I monitored the HTTP headers of the requests that are forwarded to Nginx
by the load balancer using tcpdump, and I can clearly see that the
remote IP is added to the headers as a new header “REMOTE ADDR:”, still
use $http_x_forwarded_for it?

Thanks,
-M


From: Abhishek S. removed_email_address@domain.invalid
To: removed_email_address@domain.invalid
Sent: Wednesday, March 4, 2009 7:06:18 PM
Subject: Re: nginx not setting REMOTE_ADDR properly?

Use “$http_x_forwarded_for” to log client real ip address.

On Thu, Mar 5, 2009 at 8:22 AM, Mohammad K.
removed_email_address@domain.invalid wrote:

My nginx is getting requests through a (NetScaler) load balancer, and
$remote_addr is returning the load balancer’s IP and not the real user’s
IP (which the load balancer sets as REMOTE_ADDR in the header). Any
other attribute I should use to get the real user’s IP?

-M


#5

Yes you have to use $http_x_forwarded_for for it.

On Thu, Mar 5, 2009 at 9:59 AM, Mohammad K.
<removed_email_address@domain.invalid

wrote:



Abhishek Kumar S.
ibibo web pvt. ltd.

www.ibibo.com

Mob: +91-9810848283


#6

Use “$http_x_forwarded_for” to log client real ip address.

On Thu, Mar 5, 2009 at 8:22 AM, Mohammad K.
<removed_email_address@domain.invalid


#7

I tried using $http_x_forwarded_for and what is being logged is “-” and
not the remote user’s IP, even though I verified again (using tcpdump)
and the remote user’s IP is right after “REMOTE_ADDR :” in http headers.


From: Abhishek S. removed_email_address@domain.invalid
To: removed_email_address@domain.invalid
Sent: Wednesday, March 4, 2009 8:38:49 PM
Subject: Re: nginx not setting REMOTE_ADDR properly?

Yes you have to use $http_x_forwarded_for for it.

On Thu, Mar 5, 2009 at 9:59 AM, Mohammad K.
removed_email_address@domain.invalid wrote:

I monitored the HTTP headers of the requests that are forwarded to Nginx
by the load balancer using tcpdump, and I can clearly see that the
remote IP is added to the headers as a new header “REMOTE ADDR:”, still
use $http_x_forwarded_for it?

Thanks,
-M


From: Abhishek S. removed_email_address@domain.invalid
To: removed_email_address@domain.invalid
Sent: Wednesday, March 4, 2009 7:06:18 PM
Subject: Re: nginx not setting REMOTE_ADDR properly?

  • Show quoted text -

Use “$http_x_forwarded_for” to log client real ip address.

On Thu, Mar 5, 2009 at 8:22 AM, Mohammad K.
removed_email_address@domain.invalid wrote:

My nginx is getting requests through a (NetScaler) load balancer, and
$remote_addr is returning the load balancer’s IP and not the real user’s
IP (which the load balancer sets as REMOTE_ADDR in the header). Any
other attribute I should use to get the real user’s IP?

-M


Abhishek Kumar S.
ibibo web pvt. ltd.

www.ibibo.com

Mob: +91-9810848283


#8

It is working perfectly fine now, thanks.

I was originally using $http_remote_addr since I noticed in the source
code that any variable that starts with “http_” will have nginx retireve
the variable from the headers_in, and also noticed that remote_addr is
reserved to hold the IP of the actual connection which in my case, would
naturally return the IP of the load balancer. But it didn’t work when
the “underscores_in_headers on” flag was not specified in the config
file.

So out of curiosity, if there is any variable in the header that is
already reserved by nginx for another purpose, e.g., remote_port, we
should use this underscores_in_headers to retrieve it, or did it work
simply because the header had a underscore in it (i.e., REMOTE_ADDR) and
the headers normally don’t have underscores and the lack of the flag was
causing Nginx to consider REMOTE_ADDR to be an invaluid header and
ignore it?

Thanks for the help,
-M


From: Igor S. removed_email_address@domain.invalid
To: removed_email_address@domain.invalid
Sent: Thursday, March 5, 2009 7:29:13 AM
Subject: Re: nginx not setting REMOTE_ADDR properly?

On Wed, Mar 04, 2009 at 06:52:50PM -0800, Mohammad K. wrote:

My nginx is getting requests through a (NetScaler) load balancer, and $remote_addr is returning the load balancer’s IP and not the real user’s IP (which the load balancer sets as REMOTE_ADDR in the header). Any other attribute I should use to get the real user’s IP?

You should use $http_remote_addr and set:

server {
underscores_in_headers on;


#9

On Thu, Mar 05, 2009 at 09:18:11AM -0800, Mohammad K. wrote:

It is working perfectly fine now, thanks.

I was originally using $http_remote_addr since I noticed in the source code that any variable that starts with “http_” will have nginx retireve the variable from the headers_in, and also noticed that remote_addr is reserved to hold the IP of the actual connection which in my case, would naturally return the IP of the load balancer. But it didn’t work when the “underscores_in_headers on” flag was not specified in the config file.

So out of curiosity, if there is any variable in the header that is already reserved by nginx for another purpose, e.g., remote_port, we should use this underscores_in_headers to retrieve it, or did it work simply because the header had a underscore in it (i.e., REMOTE_ADDR) and the headers normally don’t have underscores and the lack of the flag was causing Nginx to consider REMOTE_ADDR to be an invaluid header and ignore it?

$remote_addr and $http_remote_addr are different things:
$remote_addr is variable which value is a client’s address taken
from socket options, while $http_remote_addr is variable which value
is client’s HTTP request header “Remote-Addr” as any “$http_…”
variable: $http_user_agent, etc.

Usually underscores are not used in header name, therefore by default
nginx ignores headers with underscores in names.


#10

On Wed, Mar 04, 2009 at 06:52:50PM -0800, Mohammad K. wrote:

My nginx is getting requests through a (NetScaler) load balancer, and $remote_addr is returning the load balancer’s IP and not the real user’s IP (which the load balancer sets as REMOTE_ADDR in the header). Any other attribute I should use to get the real user’s IP?

You should use $http_remote_addr and set:

server {
underscores_in_headers on;


#11

Is there any way we can log epoch time and not the string format that
$time_local generates?


#12

These are probably questions for people who have written modules for
Nginx.

So I have written a module with a handler that processes incoming
requests and then would either initiate a subrequest (through its body
filter) or returns 200 back. If a subrequest is called, the module will
use the subrequest’s response to generate the response for the original
request. Clearly, the subrequest is to a proxy that is already defined
in the configuration file.
The first question is how do I know if my proxy is timed out? Would my
module’s body or header filter be called if there is a timeout? if so,
what do I look for in those methods to know there is a timeout?
The second question is whether or not there is anyway we can log
whatever information we want within the module. In other words, the
config file only specifies the location of the access_log file and
doesn’t specify any attributes to be logged, but then somewhere in the
module (possibly in the header filter??), we call a method to log
whatever we want.

Thanks,
-M