DebianのサーバのPb REMOTE_ADDRのapache2/nginxのと間違って

Question

まず、私は私のDebianのサーバーに問題がある...私の悪い英語のため

をお許し下さい。

最近、（css、js、img）などの静的ファイルを取得するためにNginxをインストールしました。

しかし、PHPのファイルで$ _SERVER var_dumpを実行すると、私のremote_addrが間違っています。私は今127.0.0.1を持っています。

状況を理解するためのファイルの詳細：

FILE：/etc/apache2/sites-enabled/000-default.conf：

NameVirtualHost *:8080 

Listen 8080 

<IfModule ssl_module> 
    Listen 443 
</IfModule> 

<IfModule mod_gnutls.c> 
    Listen 443 
</IfModule> 

FILE /etc/apache2/ports.confを

<VirtualHost *:8080> 
    # Configuration Globale du serveur 
    ServerAdmin webmaster@X.com 
    DocumentRoot /var/www/ 
    <Directory /> 
     Options FollowSymLinks 
     AllowOverride All 
    </Directory> 
    <Directory /var/www/> 
     Options FollowSymLinks 
     AllowOverride All 
     Allow from all 
    </Directory> 

    ServerSignature Off 

    ErrorLog ${APACHE_LOG_DIR}/error.log 

    # Possible values include: debug, info, notice, warn, error, crit, 
    # alert, emerg. 
    LogLevel warn 

    CustomLog ${APACHE_LOG_DIR}/access.log combined 
</VirtualHost> 

FILE：の/ etc/nginxの/サイト対応/デフォルト

server { 

    listen 80; 

    # Make site accessible from http://localhost/ 
    server_name 78.198.62.X; 

    # Header cache control 
    add_header Cache-Control public; 

    # Redirection des fichiers statiques 
    location ~* \.(jpg|jpeg|gif|css|png|js|ico|swf|mp3|mp4|svg|eot|ttf|woff|txt|xml|json|pdf|zip|doc|ppt|xls)$ { 

     expires   max; 
      access_log  off; 
      error_log  off; 
      log_not_found off; 
    } 

    # Redirection par défaut 
    location/{ 

     include /etc/nginx/proxy_params; 

     proxy_pass    http://127.0.0.1:8080; 
     proxy_redirect   off; 

     client_max_body_size 10m; 
     client_body_buffer_size 128k; 
     proxy_connect_timeout 90; 
     proxy_send_timeout  90; 
     proxy_read_timeout  90; 
     proxy_buffers   32 4k; 

     # Désactivation des logs 
     access_log off; 
     error_log off; 
    } 
} 

OUTPUTの$ _SERVERのPHP：

array (size=35) 
    'HTTP_HOST' => string '78.198.62.X' (length=13) 
    'HTTP_X_REAL_IP' => string '192.168.0.254' (length=13) 
    'HTTP_X_FORWARDED_FOR' => string '192.168.0.254' (length=13) 
    'HTTP_X_FORWARDED_PROTO' => string 'http' (length=4) 
    'HTTP_CONNECTION' => string 'close' (length=5) 
    'HTTP_USER_AGENT' => string 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0' (length=77) 
    'HTTP_ACCEPT' => string 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' (length=63) 
    'HTTP_ACCEPT_LANGUAGE' => string 'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3' (length=35) 
    'HTTP_ACCEPT_ENCODING' => string 'gzip, deflate' (length=13) 
    'HTTP_COOKIE' => string '_pk_id.8.3298=7f53d6e0a0332698.1495531633.1.1495532306.1495531633.; FREEBOXOS="paFjdSexOLSr0RgOVjoSeZKdsh2TdXufsoLX475Z9M2SOBuqyc74XVLTzH12kfAB"' (length=144) 
    'HTTP_DNT' => string '1' (length=1) 
    'HTTP_UPGRADE_INSECURE_REQUESTS' => string '1' (length=1) 
    'PATH' => string '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' (length=60) 
    'SERVER_SIGNATURE' => string '' (length=0) 
    'SERVER_SOFTWARE' => string 'Apache' (length=6) 
    'SERVER_NAME' => string '78.198.62.X' (length=13) 
    'SERVER_ADDR' => string '127.0.0.1' (length=9) 
    'SERVER_PORT' => string '8080' (length=4) 
    'REMOTE_ADDR' => string '127.0.0.1' (length=9) 
    'DOCUMENT_ROOT' => string '/var/www/' (length=9) 
    'REQUEST_SCHEME' => string 'http' (length=4) 
    'CONTEXT_PREFIX' => string '' (length=0) 
    'CONTEXT_DOCUMENT_ROOT' => string '/var/www/' (length=9) 
    'SERVER_ADMIN' => string 'webmaster@X.com' (length=25) 
    'SCRIPT_FILENAME' => string '/var/www/test_geoip.php' (length=23) 
    'REMOTE_PORT' => string '54432' (length=5) 
    'GATEWAY_INTERFACE' => string 'CGI/1.1' (length=7) 
    'SERVER_PROTOCOL' => string 'HTTP/1.0' (length=8) 
    'REQUEST_METHOD' => string 'GET' (length=3) 
    'QUERY_STRING' => string '' (length=0) 
    'REQUEST_URI' => string '/test_geoip.php' (length=15) 
    'SCRIPT_NAME' => string '/test_geoip.php' (length=15) 
    'PHP_SELF' => string '/test_geoip.php' (length=15) 
    'REQUEST_TIME_FLOAT' => float 1495606898.941 
    'REQUEST_TIME' => int 1495606898 

サーバー情報：あなたは本当のクライアントのIPアドレスを取得するには少しコーディングを行う必要があり、スクリプトで

DEBIAN 8.8 
Apache/2.4.10 (Debian) 
nginx/1.6.2 
PHP 5.6.30-0+deb8u1 (cli) (built: Feb 8 2017 08:50:21) 
mysql Ver 14.14 Distrib 5.5.55 
Kernel 3.16.0-4-amd64 

Answer 1

（real_ip_header）、またはreal_ip_headerを設定ファイルに設定します。あなたのnginx.confは、/ etc/nginxの上にある/、次の行を追加し http://blog.stevesmind.net/2012/10/nginx-not-reading-real-client-ip-address/

編集： を見てください

proxy_set_headerのX-のReal-IPの$ REMOTE_ADDRを。

Nginx replace REMOTE_ADDR with X-Forwarded-For

Answer 2

ありがとうございます。 それはhttp://78.198.62.X/test.phpで働いていますが、私のvhost example.comでは機能しませんでした。 これは変です

私はvhost apache example.comを設定しました。

FILE：/etc/nginx/sites-enabled/example.com

# HTTP SERVER 80 
server { 

    # Listen Port 
    listen 80; 

    # Root Directory 
    root /var/www/example.com; 
    index index.php; 

    # Make site accessible from http://example.com/ 
    server_name example.com; 

    # Header cache control 
    add_header Cache-Control public; 

    # Redirection par défaut 
    location/{ 

     proxy_pass    http://example.com:8080; 
     proxy_redirect   off; 

     proxy_set_header  Host    $http_host; 
     proxy_set_header  X-Real-IP   $remote_addr; 
     proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for; 
     proxy_set_header  X-Forwarded-Proto $scheme; 

     client_max_body_size 10m; 
     client_body_buffer_size 128k; 
     proxy_connect_timeout 90; 
     proxy_send_timeout  90; 
     proxy_read_timeout  90; 
     proxy_buffers   32 4k; 

     # Désactivation des logs 
     access_log off; 
     error_log off; 
    } 
} 

# HTTPS SERVER 443 
server { 

    # Listen Port 
    listen 443 ssl; 

    # Root Directory 
    root /var/www/example.com; 
    index index.php; 

    # Make site accessible from https://example.com/ 
    server_name example.com; 

    # Certificates Path 
    ssl_certificate  /etc/letsencrypt/live/example.com/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; 

    # Header cache control 
    add_header Cache-Control public; 

    # Redirection par défaut 
    location/{ 

     proxy_pass    https://example.com:8181; 
     proxy_redirect   off; 

     proxy_set_header  Host    $http_host; 
     proxy_set_header  X-Real-IP   $remote_addr; 
     proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for; 
     proxy_set_header  X-Forwarded-Proto $scheme; 

     client_max_body_size 10m; 
     client_body_buffer_size 128k; 
     proxy_connect_timeout 90; 
     proxy_send_timeout  90; 
     proxy_read_timeout  90; 
     proxy_buffers   32 4k; 

     # Désactivation des logs 
     access_log off; 
     error_log off; 
    } 
} 

FILE：

/etc/apache2/sites-enabled/example.com-ssl.conf

<IfModule mod_ssl.c> 
    <VirtualHost *:8181> 
     ServerAdmin webmaster@example.com 
     ServerName www.example.com 
     ServerAlias example.com 
     DocumentRoot /var/www/example.com 
     <Directory /var/www/example.com> 
      Options FollowSymLinks 
      AllowOverride All 
      Allow from all 
      AuthUserFile /var/.htpasswd 
      AuthName "AUTHENTIFICATION" 
      AuthType Basic 
      <Limit GET POST> 
       Require valid-user 
      </Limit> 
     </Directory> 

     ServerSignature Off 
     SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem 
     SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem 
    </VirtualHost> 
</IfModule>