Schema:
nginx1 -> nginx2 -> apache
On nginx2 i’ve got stub status module, and I want to allow only one ip
to view the data.
But when I add the directive, it won’t work, because nginx2 sees that
connection came from nginx1 which is on the same machine as nginx2 so
client ip would be 127.0.0.1.
Is that a bug or it should be that way?
Hello!
On Thu, Dec 18, 2008 at 12:55:58PM +0100, Tomasz P. wrote:
Is that a bug or it should be that way?
http://wiki.codemongers.com/NginxHttpRealIpModule
Maxim D.
i think we misunderstood each other, nginx2 conf:
location / {
set $my_host maintenance.my_domain;
if ($remote_addr ~ ip.address) { set $my_host $host; }
proxy_pass http://127.0.0.1:8080/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $my_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
based on $remote_addr i show proper page or just maintenance page for
users when I need to, but now when I have another nginx (nginx1) in
front of nginx2 this won’t work, because nginx2 sees $remote_addr as the
address of nginx1
same goes for allow directive, wont work on nginx2
On Fri, Dec 19, 2008 at 11:40:15AM +0100, Tomasz P. wrote:
based on $remote_addr i show proper page or just maintenance page for
users when I need to, but now when I have another nginx (nginx1) in
front of nginx2 this won’t work, because nginx2 sees $remote_addr as the
address of nginx1
Maxim has showed the right link. You need to change $remote_addr on
nginx2
to X-Real-Ip value. Howeverm in you case you may simply use
$http_x_real_ip:
location / {
set $my_host maintenance.my_domain;
if ($http_x_real_ip ~ ip.address) { set $my_host $host; }
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $my_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Also you do not need to set
proxy_set_header X-Real-IP $remote_addr;
on nginx2 as nginx1 has already set X-Real-IP to client’s address.