Nginx
Nginx是非同步框架的網頁伺服器,也可以用作反向代理、負載平衡器和HTTP快取。該軟體由伊戈爾·賽索耶夫建立並於2004年首次公開發布。2011年成立同名公司以提供支援。2019年3月11日,Nginx公司被F5 Networks以6.7億美元收購。 Nginx是免費的開源軟體,根據類BSD授權條款的條款釋出。
Cloudflare 顯示訪客的真實 IP
如果網站有使用 Cloudflare CDN 服務,在 Nginx 的 access.log 紀錄裡只會出現 Cloudflare 的 IP,而無法紀錄所有網站訪客實際的真實 IP 位址。
這情形對於做網站流量分析會造成訪客來源紀錄不正確的問題,而此篇教學可以解決這問題。
新增 /usr/local/bin/update.cloudflare.ip.sh
#!/bin/bash
# A simple shell script update Cloudflares IP addresses.
# Tested on : Debian and Ubuntu servers and Nginx only
# ----------------------------------------------------------------------------
# Author: Vivek Gite
# Copyright: 2016 nixCraft under GNU GPL v2.0+
# ----------------------------------------------------------------------------
# Last updated 23 Apr 2017
# ----------------------------------------------------------------------------
## source for IPv4 and IPv6 urls ##
ipf='https://www.cloudflare.com/ips-v4'
ips='https://www.cloudflare.com/ips-v6'
## temp file location ##
t_ip_f="$(/bin/mktemp /tmp/cloudflare.XXXXXXXX)"
t_ip_s="$(/bin/mktemp /tmp/cloudflare.XXXXXXXX)"
## nginx config for Cloudflare ##
conf_out="/etc/nginx/conf.d/cloudflare.real.ip.conf"
## grab files ##
/usr/bin/wget -q -O $t_ip_f $ipf
/usr/bin/wget -q -O $t_ip_s $ips
## generate it ##
/usr/bin/awk '{ print "set_real_ip_from " $1 ";" }' $t_ip_f > $conf_out
/usr/bin/awk '{ print "set_real_ip_from " $1 ";" }' $t_ip_s >> $conf_out
echo 'real_ip_header CF-Connecting-IP;' >> $conf_out
## delete temp files ##
[ -f "$t_ip_f" ] && /bin/rm -f $t_ip_f
[ -f "$t_ip_s" ] && /bin/rm -f $t_ip_s
## reload nginx ##
/bin/systemctl reload nginxchmod +x /usr/local/bin/update.cloudflare.ip.sh設定 Nginx
/etc/nginx/conf.d/<you-web-site>.conf
...
...
include "/etc/nginx/conf.d/cloudflare.real.ip.conf";執行 /usr/local/bin/update.cloudflare.ip.sh
/usr/local/bin/update.cloudflare.ip.sh測試網站瀏覽
檢查 /var/log/nginx/access.log 是否可以顯示訪客的來源 IP
定期更新
@weekly /usr/local/bin/update.cloudflare.ip.sh延伸閱讀
Reverse Proxy
Nginx Proxy Manager
Docker container for managing Nginx proxy hosts with a simple, powerful interface
- Nginx Proxy Manager
- GitHub: https://github.com/NginxProxyManager/nginx-proxy-manager
- How to Install and Use Nginx Proxy Manager with Docker
- YT: NginX Proxy Manager is a free, open source, GUI for the NginX Reverse Proxy making it easy to use.
- YT: Docker and Running your self-hosted applications in a more secure way behind a reverse proxy.
Learning Nginx
Hardening Nginx
Nginx with Docker
Performance Tuning
Management Tools
- Nginx UI - Yet another Nginx Web UI