请教公网出入口不同的NAT VPS，Nginx如何获取到真实访客IP

老仙

求大佬们指点，

买了个鸡仔云，打算穿透家里的小鸡出来做后端。

已经用frp穿透到28000端口，

已知入口IP为：1.2.3.4

通过curl 测试IP得值：4.3.2.1

应该是出入口IP不同？



通过指定hosts访问测试站点，但查看日志，获取到的IP全都是4.3.2.1

如果启用"proxy_protocol"则浏览器无法访问，就注释了。






openresty即nginx加功能版，http配置里设置了

1.     set_real_ip_from 0.0.0.0/0;
   
2.     real_ip_header X-Forwarded-For;

复制代码

server配置如下

1. server {
   
2.     listen 80 ;
   
3.     listen 443 ssl http2 ;
   
4.     # 启用代理协议
   
5.     #listen 80 proxy_protocol ;
   
6.     #listen 443 ssl http2 proxy_protocol ;
   
7.     server_name cq.abc.local;
   
8.     index index.php index.html index.htm default.php default.htm default.html;
   
9.     proxy_set_header Host $host;
   
10.     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    
11.     proxy_set_header X-Forwarded-Host $server_name;
    
12.     proxy_set_header X-Real-IP $remote_addr;
    
13.     proxy_http_version 1.1;
    
14.     proxy_set_header Upgrade $http_upgrade;
    
15.     proxy_set_header Connection "upgrade";
    
16.     # 配置用于获取真实客户端IP的头信息
    
17.     #real_ip_header proxy_protocol;
    
18.     real_ip_recursive on;
    
19.     #
    
20.     access_log /www/sites/cq.abc.local/log/access.log;
    
21.     error_log /www/sites/cq.abc.local/log/error.log;
    
22.     location ^~ /.well-known/acme-challenge {
    
23.         allow all;
    
24.         root /usr/share/nginx/html;
    
25.     }
    
26.     root /www/sites/cq.abc.local/index;
    
27.     if ($scheme = http) {
    
28.         return 301 https://$host$request_uri;
    
29.     }
    
30.     ssl_certificate /www/sites/cq.abc.local/ssl/fullchain.pem;
    
31.     ssl_certificate_key /www/sites/cq.abc.local/ssl/privkey.pem;
    
32.     ssl_protocols TLSv1.3;
    
33.     ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    
34.     ssl_prefer_server_ciphers on;
    
35.     ssl_session_cache shared:SSL:10m;
    
36.     ssl_session_timeout 10m;
    
37.     add_header Strict-Transport-Security "max-age=31536000";
    
38.     error_page 497 https://$host$request_uri;
    
39.     proxy_set_header X-Forwarded-Proto https;
    
40.     ssl_stapling on;
    
41.     ssl_stapling_verify on;
    
42.     include /www/sites/cq.abc.local/proxy/*.conf;
    
43. }

复制代码

反代的location如下

1. location ^~ / {
   
2.     proxy_pass https://127.0.0.1:28000;
   
3.     proxy_set_header Host $host;
   
4.     proxy_set_header X-Real-IP $remote_addr;
   
5.     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   
6.     proxy_set_header REMOTE-HOST $remote_addr;
   
7.     proxy_set_header Upgrade $http_upgrade;
   
8.     proxy_set_header Connection "upgrade";
   
9.     proxy_set_header X-Forwarded-Proto $scheme;
   
10.     proxy_http_version 1.1;
    
11.     add_header X-Cache $upstream_cache_status;
    
12.     add_header Strict-Transport-Security "max-age=31536000";
    
13.     add_header Cache-Control no-cache;
    
14.     # 禁用缓存
    
15.     proxy_cache off;
    
16.     # Disable buffering when the nginx proxy gets very resource heavy upon streaming
    
17.     proxy_buffering off;
    
18. }

复制代码

老仙

dddddddddddd