
We have a working NGINX redirecting our external users to our IIS server. The problem is that the IP seen by the IIS is the NGINX machine, not the IP from external users. Our logs are full of "10.0.0.2" IPs which is incorrect.

A similar configuration file is shown. We already included "proxy_set_header" lines.

Is this config file correct? What should be done at IIS server? Should we just include some topics at web.config file? If this is the case, what should we add?

server {
    listen      10.0.0.2:443 ssl;
    server_name web.mydomain.com;
    ssl_certificate      /home/admin/conf/web/ssl.web.mydomain.com.pem;
    ssl_certificate_key  /home/admin/conf/web/ssl.web.mydomain.com.key;
    error_log  /var/log/apache2/domains/web.mydomain.com.error.log error;

    location / {
        # Headers that describe the original request to the backend (IIS)
        proxy_set_header        Host                    $host;
        proxy_set_header        X-Real-IP               $remote_addr;
        proxy_set_header        X-Forwarded-Proto       https;
        # $remote_addr replaces any X-Forwarded-For value sent by the client
        proxy_set_header        X-Forwarded-For         $remote_addr;
        # X-Forwarded-Host carries the requested host name, not the client IP
        proxy_set_header        X-Forwarded-Host        $host;
        proxy_pass      https://10.0.0.11;
        # Static files are served from local disk, falling back to the backend
        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf)$ {
            root           /home/admin/web/web.mydomain.com/public_html;
            access_log     /var/log/apache2/domains/web.mydomain.com.log combined;
            access_log     /var/log/apache2/domains/web.mydomain.com.bytes bytes;
            expires        max;
            try_files      $uri @fallback;
        }
    }

    location /error/ {
        alias   /home/admin/web/web.mydomain.com/document_errors/;
    }

    location @fallback {
        proxy_pass      https://10.0.0.11;
    }

    # Never serve .htaccess/.htpasswd files or version-control metadata
    location ~ /\.ht    {return 404;}
    location ~ /\.svn/  {return 404;}
    location ~ /\.git/  {return 404;}
    location ~ /\.hg/   {return 404;}
    location ~ /\.bzr/  {return 404;}

    include /home/admin/conf/web/snginx.web.mydomain.com.conf*;
}

2 Answers


  1. Chosen as BEST ANSWER

    At first I thought this would be something related to IIS/NGINX, but after @lex-li and @bruce-zhang replies I researched more about it.

    I actually did not know but inside our application (running at IIS) there are listeners to those headers, and those listeners were not properly implemented.

    So it was just a misalignment between our application and NGINX.

    Thanks both @lex-li and @bruce-zhang


  2. You can use IIS enhanced logging to write custom headers like X-Forwarded-For to log files,

    https://learn.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/logfile/customfields/add

    There is no way to change the source IP field, because indeed that’s the IP address recorded in the TCP/HTTP packets.

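The accepted answer traces the problem to application code that read the forwarded headers incorrectly. As an added example (not code from the original post or from the asker's application), this is one way a backend can resolve the client address safely: believe X-Forwarded-For only when the TCP peer is the proxy, and read the list from right to left. The trusted address 10.0.0.2 comes from the question; the function names and sample addresses are constructed, and the multi-hop handling goes beyond the single value the question's config sends.

```python
import ipaddress

# Assumption: only the NGINX proxy from the question may vouch for a client.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.2/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def _parse_ip(token):
    """Parse one X-Forwarded-For element; tolerate 'ip:port' and '[v6]:port'."""
    token = token.strip()
    if token.startswith("["):            # e.g. [2001:db8::1]:443
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:          # e.g. 203.0.113.7:51234
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def client_ip(peer_addr, xff_header):
    """Return the address to log or rate-limit on for one request.

    peer_addr  - TCP source address seen by the backend (the IIS c-ip field)
    xff_header - raw X-Forwarded-For value, or None when the header is absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # A request that bypassed the proxy can put anything in the header.
    if not _is_trusted(peer) or not xff_header:
        return str(peer)
    # Rightmost entries were written by our own proxies; anything further
    # left was supplied by the client and is not trustworthy.
    for token in reversed(xff_header.split(",")):
        hop = _parse_ip(token)
        if hop is None:
            break                        # malformed entry: stop trusting the header
        if not _is_trusted(hop):
            return str(hop)              # first hop that is not one of our proxies
    return str(peer)
```
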