Nginx proxy to Nginx and IP forward

Shamli Member
edited July 2012 in General

Hi all.

I've set up an nginx proxy in front of another server, which is also running nginx. My reason for doing this is to avoid DDoS by using a proxy server with high bandwidth.

The problem is, after reading everything I can find through Google, it seems I can't get the real IP to the backend nginx server. It keeps on giving me the IP of the proxy server.

Below are my nginx configs on both. Hope someone can help me fix it.

Front server (nginx proxying request)
Vhost config
Nginx config

Backend server (Nginx+PHP-FPM+MySQL)
Vhost config

Comments

  • name Member

    You can put all the IPs in the X-Real-IP or X-Forwarded-For chain, and let your PHP script filter out all the proxy IP addresses, IMO.

  • Shamli Member

    Yeah... I have thought of that, but there are two things I want to achieve:
    1. Have the correct IP logged in the log file
    2. Filter out requests coming from a blacklisted IP/country with PHP

  • NickM Member

    You need to set "set_real_ip_from your.proxy.server.IP" in your vhost config file. You should also set real_ip_header to X-Real-IP.

  • Shamli Member

    @NickM Thanks... that works... I don't see anywhere that says I need to set "set_real_ip_from your.proxy.server.IP" in my backend vhost config file...
    Maybe I missed it... =)

  • NickM Member

    Yeah, it seems that the docs don't mention that it's required. But, it does make sense to require it, since it's basically a list of IP addresses that you trust to send the correct IP. It wouldn't be a good idea to default to trusting all IPs.
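
The setup NickM describes, written out for both servers as an added example (not the poster's actual config, which is not reproduced on this page). The addresses `203.0.113.10` (front proxy) and `198.51.100.20` (backend) are placeholders, and the backend is assumed to be built with `ngx_http_realip_module`.

```nginx
# --- Front server (proxy), inside the server { } block for the site ---
location / {
    proxy_pass http://198.51.100.20;          # backend address (placeholder)
    proxy_set_header Host $host;
    # Overwrite rather than pass through: any X-Real-IP value sent by the
    # client is discarded and replaced with the address the proxy saw on
    # the socket.
    proxy_set_header X-Real-IP $remote_addr;
}

# --- Backend server, inside its server { } block ---
# Only requests arriving from this address have their X-Real-IP honoured;
# for them, $remote_addr becomes the value carried in the header.
set_real_ip_from 203.0.113.10;                # front proxy address (placeholder)
real_ip_header   X-Real-IP;

# Weak setting, shown for contrast and left commented out: trusting every
# source lets any client that can reach the backend directly choose the IP
# that ends up in the logs and in IP-based filtering.
# set_real_ip_from 0.0.0.0/0;
```

Because the realip module rewrites `$remote_addr` itself, the backend access log and the `REMOTE_ADDR` value passed to PHP-FPM by the stock `fastcgi_params` both show the client address without further changes.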

  • Shamli Member

    Right... it seems my problem is now solved... I'm able to get the real IP in my log and also in my PHP script...

    Thanks.. =)

  • With the country blocking, if it's the same rules for the whole vps why not block via Nginx GeoIP? (On the proxy server)

    http://wiki.nginx.org/HttpGeoipModule

  • Shamli Member

    Perhaps by using WIPMania, I could offload the stress on my server...

    WIPMania

  • telephone Member
    edited July 2012

    @Shamli said: Perhaps by using WIPMania, I could offload the stress on my server...

    Nope. That's using an external call every lookup (very taxing!).

    Your best bet to offload stress is to run the Geo checking at the lowest level possible.
    If you still want to use PHP, then use the C API (not pure PHP). You can easily install it via PECL.
    But if you're just blocking/redirecting countries, your best bet is to run it via Nginx. That way a PHP thread won't need to be spawned for blocking.

    Also if you're only looking up countries, make sure to use the country database from Maxmind (not the city database). It's a lot smaller and will read a lot quicker:

    http://www.maxmind.com/app/benchmark

  • Shamli Member

    @telephone I installed Maxmind GeoIP on the proxy server and now it's running as intended.
    I've done the rule in the nginx config file.
    Thanks for your suggestion...

  • You can use the IP2Location Nginx module to block unwanted traffic as well.
