Nginx

• Cloudflare 顯示訪客的真實 IP
• Reverse Proxy
• Learning Nginx
• Tips

Cloudflare 顯示訪客的真實 IP

如果網站有使用 Cloudflare CDN 服務，在 Nginx 的 access.log 紀錄裡只會出現 Cloudflare 的 IP，而無法紀錄所有網站訪客實際的真實 IP 位址。

這情形對於做網站流量分析會造成訪客來源紀錄不正確的問題，而此篇教學可以解決這問題。

新增 /usr/local/bin/update.cloudflare.ip.sh

#!/bin/bash
# A simple shell script update Cloudflares IP addresses.
# Tested on : Debian and Ubuntu servers and Nginx only
# ----------------------------------------------------------------------------
# Author: Vivek Gite 
# Copyright: 2016 nixCraft under GNU GPL v2.0+
# ----------------------------------------------------------------------------
# Last updated 23 Apr 2017
# ----------------------------------------------------------------------------
## source for IPv4 and IPv6 urls ##
ipf='https://www.cloudflare.com/ips-v4'
ips='https://www.cloudflare.com/ips-v6'

## temp file location ##
t_ip_f="$(/bin/mktemp /tmp/cloudflare.XXXXXXXX)"
t_ip_s="$(/bin/mktemp /tmp/cloudflare.XXXXXXXX)"

## nginx config for Cloudflare ##
conf_out="/etc/nginx/conf.d/cloudflare.real.ip.conf"

## grab files ##
/usr/bin/wget -q -O $t_ip_f $ipf
/usr/bin/wget -q -O $t_ip_s $ips

## generate it ##
/usr/bin/awk '{ print "set_real_ip_from " $1 ";" }' $t_ip_f > $conf_out
/usr/bin/awk '{ print "set_real_ip_from " $1 ";" }' $t_ip_s >> $conf_out
echo 'real_ip_header CF-Connecting-IP;' >> $conf_out

## delete temp files ##
[ -f "$t_ip_f" ] && /bin/rm -f $t_ip_f
[ -f "$t_ip_s" ] && /bin/rm -f $t_ip_s

## reload nginx ##
/bin/systemctl reload nginx

chmod +x /usr/local/bin/update.cloudflare.ip.sh

設定 Nginx
/etc/nginx/conf.d/<you-web-site>.conf

...
...
 include "/etc/nginx/conf.d/cloudflare.real.ip.conf";

執行 /usr/local/bin/update.cloudflare.ip.sh

/usr/local/bin/update.cloudflare.ip.sh

測試網站瀏覽
檢查 /var/log/nginx/access.log 是否可以顯示訪客的來源 IP

定期更新

@weekly /usr/local/bin/update.cloudflare.ip.sh

延伸閱讀

• Nginx restore real IP address when behind a reverse proxy

Reverse Proxy

Nginx Proxy Manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface

• Nginx Proxy Manager
• GitHub: https://github.com/NginxProxyManager/nginx-proxy-manager 
• How to Install and Use Nginx Proxy Manager with Docker
• YT: NginX Proxy Manager is a free, open source, GUI for the NginX Reverse Proxy making it easy to use.
• YT: Docker and Running your self-hosted applications in a more secure way behind a reverse proxy.

nginx-proxy

nginx-proxy sets up a container running nginx and docker-gen. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped.

• GitHub: https://github.com/nginx-proxy/nginx-proxy 
• Automated Nginx Reverse Proxy for Docker

Learning

• Forward Proxy vs Reverse Proxy vs Load Balancers

Learning Nginx

• The NGINX Handbook – Learn NGINX for Beginners

Hardening Nginx

• How to password protect directory with Nginx .htpasswd authentication

Nginx with Docker

• Host Multiple Websites on One server using Docker Containers

Performance Tuning

• Nginx Performance Tuning

Management Tools

• Nginx UI - Yet another Nginx Web UI
  • GitHub: https://github.com/0xJacky/nginx-ui 

Tips

FAQ

Fix: Too Many Open Files

• How to Fix 'Too Many Open Files' Error in Nginx