有CDN的情况下让nginx获取真实IP

By default, Cloudflare acts as a reverse proxy.  As such, all connections to your origin web server come from Cloudflare IP addresses, and there are some issues that you need to aware of:

  • If your web application is using the originating IP of the visitor as part of its logic, it will now use a Cloudflare IP address instead
  • If you use the content of your access logs, they now contain a Cloudflare IP address as the  $remote_addr

However, Cloudflare follows industry standards and includes the visitor’s IP address in the X-Forwarded-For header. We also add a CF-Connecting-IP header that may be used as well. You can use these headers to either restore the originating IP of your visitor for your web application or to be include it in your logs.

 

Restoring the original visitor IP for your web application

Please use the following Nginx module and the following configuration parameters:

That list of prefixes needs to be updated regularly, and we publish the full list in Cloudflare IP addresses.
Including the original visitor IP in your logs

You can include the variables $http_cf_connecting_ip and $http_x_forwarded_for in the log_format directive.

Also see: Cloudflare and Nginx

发表评论

电子邮件地址不会被公开。 必填项已用*标注