Nginx

GeoIP 和 Nginx

  • October 5, 2012

我有一個帶有 geoip 的 nginx,但它不能正常工作。問題是下一個:

Nginx 正在從具有真實客戶端 IP 的$_SERVER['REMOTE_ADDR']而不是獲取地理數據。$_SERVER['HTTP_X_HAPROXY_IP']因此,報告的地理數據屬於我的伺服器 ip 而不是客戶端 ip。

有沒有人可以修復它的錯誤?

Nginx 版本和編譯模組:

nginx -V
nginx version: nginx/1.2.3
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-    path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-pcre-jit --with-debug --with-file-aio --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_secure_link_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/usr/src/nginx/source/nginx-1.2.3/debian/modules/nginx-auth-pam --add-module=/usr/src/nginx/source/nginx-1.2.3/debian/modules/nginx-echo --add-module=/usr/src/nginx/source/nginx-1.2.3/debian/modules/nginx-upstream-fair --add-module=/usr/src/nginx/source/nginx-1.2.3/debian/modules/nginx-dav-ext-module --add-module=/usr/src/nginx/source/nginx-1.2.3/debian/modules/nginx-syslog --add-module=/usr/src/nginx/source/nginx-1.2.3/debian/modules/nginx-cache-purge

nginx 站點配置(前端機器)

server {
   root /var/www/storage;

   server_name ~^.*(\.)?mydomain.com$;

   if ($host ~ ^(.*)\.mydomain\.com$) {
           set $new_host $1.mydomain.com;
   }
   if ($host !~ ^(.*)\.mydomain\.com$) {
           set $new_host www.mydomain.com;
   }

   add_header Staging true;
   real_ip_header X-HAProxy-IP;
   set_real_ip_from 10.5.0.10/32;

   location /files {
           expires 30d;
           if ($uri !~ ^/files/([a-fA-F0-9]+)_(220|45)\.jpg$) {
                   return 403;
           }
           rewrite  ^/files/([a-fA-F0-9][a-fA-F0-9])([a-fA-F0-9][a-fA-F0-9])([a-fA-F0-9][a-fA-F0-9])([a-fA-F0-9][a-fA-F0-9])([a-fA-F0-9]+)_(220|45)\.jpg$ /files/$1/$2/$3/$4/$1$2$3$4$5_$6.jpg break;
           try_files $uri @to_backend;
   }

   location /assets {
           if ($uri ~ ^/assets/r([a-zA-Z0-9]+[^/])(/(css|js|fonts)/.*)) {
                   rewrite ^/assets/r([a-zA-Z0-9]+[^/])/(css|js|fonts)/(.*)$ /assets/$2/$3 break;
           }
           try_files $uri @to_backend;
   }

   location / {
           proxy_set_header Host $new_host;
           proxy_set_header X-HAProxy-IP $remote_addr;
           proxy_pass http://10.5.0.10:8080;
   }

   location @to_backend {
           proxy_set_header Host $new_host;
           proxy_pass http://10.5.0.10:8080;
   }
}

nginx.conf(後端機器)

http{
...
   ##
   # GeoIP Config
   ##
   geoip_country  /etc/nginx/geoip/GeoIP.dat; # the country IP database
   geoip_city     /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database
...
}

fastcgi_params(後端機器)

### SET GEOIP Variables ###
fastcgi_param  GEOIP_COUNTRY_CODE               $geoip_country_code;
fastcgi_param  GEOIP_COUNTRY_CODE3              $geoip_country_code3;
fastcgi_param  GEOIP_COUNTRY_NAME               $geoip_country_name;
fastcgi_param  GEOIP_CITY_COUNTRY_CODE          $geoip_city_country_code;
fastcgi_param  GEOIP_CITY_COUNTRY_CODE3         $geoip_city_country_code3;
fastcgi_param  GEOIP_CITY_COUNTRY_NAME          $geoip_city_country_name;
fastcgi_param  GEOIP_REGION                     $geoip_region;
fastcgi_param  GEOIP_CITY                       $geoip_city;
fastcgi_param  GEOIP_POSTAL_CODE                $geoip_postal_code;
fastcgi_param  GEOIP_CITY_CONTINENT_CODE        $geoip_city_continent_code;
fastcgi_param  GEOIP_LATITUDE                   $geoip_latitude;
fastcgi_param  GEOIP_LONGITUDE                  $geoip_longitude;

haproxy.conf(前端機器)

defaults
   log global
   option forwardfor
   option httpclose
   mode http
   retries 3
   option redispatch
   maxconn 4096
   contimeout 100000
   clitimeout 100000
   srvtimeout 100000

listen cluster_webs *:8080
   mode http
   option tcpka
   option httpchk
   option httpclose
   option forwardfor
   balance roundrobin
   server backend-stage 10.5.0.11:80 weight 1

$_SERVER轉儲: http: //paste.laravel.com/7dy

10.5.0.10前端私有ip和10.5.0.11後端私有ip在哪裡

您需要在 nginx 中配置realip模組以設置 $remote_addr 以供 geoip 模組使用:

real_ip_header X-HAProxy-IP;
set_real_ip_from your.haproxy.ip/32;

引用自:https://serverfault.com/questions/435164