宝塔nginx站点使用CDN之后如何获取访客的真实IP?

张庆东 发布于 1年前 分类:网站运营

自从网站使用了CDN产品之后一直不能获取到访客的真实IP,都是CDN取源的中间件IP,请问遇到这个问题怎么办?

2个回复

  • Love

    您好,把/www/server/nginx/conf/nginx.conf 配置文件修改为如下,

    user www www;
    worker_processes auto;
    error_log /www/wwwlogs/nginx_error.log crit;
    pid /www/server/nginx/logs/nginx.pid;
    worker_rlimit_nofile 51200;

    events
    {
    use epoll;
    worker_connections 51200;
    multi_accept on;
    }

    http
    {
    include mime.types;
    #include luawaf.conf;

    include proxy.conf;

    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] '
    '"$request" $status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"' ;
    set_real_ip_from 0.0.0.0/0;
    real_ip_header X-Real-IP;

    server_names_hash_bucket_size 512;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;

    sendfile on;
    tcp_nopush on;

    keepalive_timeout 60;

    tcp_nodelay on;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 5;
    gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml image/png image/jpeg image/webp image/apng image/*;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_disable "MSIE [1-6]\.";

    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_conn_zone $server_name zone=perserver:10m;

    server_tokens off;
    access_log off;

    server
    {
    listen 888;
    server_name phpmyadmin;
    index index.html index.htm index.php;
    root /www/server/phpmyadmin;

    #error_page 404 /404.html;
    include enable-php.conf;

    if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
    return 403;
    }

    location ~ .*\.(js|css|json|md|csv|log|conf|vue|jpg|jpeg|gif|png|tif|tiff|bmp|svg|psd|ico|tga|imb|mp3|mp4|avi|mpeg|rm|ra|ogg|wav|wmv|rmi|aac|rmvb|mkv|flv|swf|mov|movie|exe|ios|apk|ipa|pxl|sis|cab|deb|rar|zip|gzip|tar|7z|bzip2|dmg|gz|wim|tbz|tpz|z|jar|ttf|otf|woff|woff2|eot|sfnt|pptx|class|ps|mpg|asf|vob|m3u8|mid|midi|wma|pdf|doc|ppt|docx|svgz|webp|img|iso|chm|ts|3gp|msi|bin|manifest)?$
    {
    expires max;
    error_log off;
    access_log /dev/null;
    }

    location ~ /\.
    {
    deny all;
    }

    access_log off;
    }
    include /www/server/panel/vhost/nginx/*.conf;
    }

    然后重启nginx即可,当访客访问的时候获取到的ip都是真实IP。

  • 张庆东

    谢谢啊,真的可以哦,而且防火墙都不用去开cdn选项都可以啊,66666