Nginx中文文档

HttpRealIp

This module lets to change the client's IP address to value from request header (e. g. X-Real-IP or X-Forwarded-For).

It is useful if nginx works behind some proxy of L7 load balanver, and request come from local IP, but proxy add request header with client's IP.

This module isn't built by default, enable it with the configure option

--with-http_realip_module

User Note: "You will build a list of trusted proxies (see below) and the first IP in the header which is not trusted will be used as the client IP." Source: README of the Apache module mod_extract . Quite informative, about why and how this security feature is helpful.

Example:

set_real_ip_from   192.168.1.0/24;
set_real_ip_from   192.168.2.1;
real_ip_header     X-Real-IP;

指令

set_real_ip_from

syntax: set_real_ip_from [the address|CIDR]

default: none

context: http, server, location

This directive describes the trusted addresses, which transfer accurate address for the replacement.

real_ip_header

syntax: real_ip_header [X-Real-IP|X-Forwarded-For]

default: real_ip_header X-Real-IP

context: http, server, location

This directive sets the name of the header used for transferring the replacement IP address.

References

Original Documentation