CHSHJ posted on 2016-12-25 07:46:04

WordPress + Nginx + proxy: getting the real IP

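If WordPress runs on a backend behind Nginx acting as a proxy, WP by default takes the IP address from $_SERVER['remote_addr']. That address is actually the IP of the front-end Nginx, which is wrong. How can WordPress obtain the real IP address? It is simple, and there are several ways; two of them are described below.
First, some definitions: assume the server running the Nginx proxy is server A, and the server running WordPress is server B (which can be Nginx, Apache, Lighttpd, IIS, etc.).
1. Using the HttpRealIpModule module: HTTP_X_REAL_IP.
The HttpRealIpModule module is not installed into Nginx by default. You need to configure Nginx with the --with-http_realip_module option and recompile and reinstall Nginx.
Then add the following on the Nginx proxy front end:
proxy_set_header X-Real-IP $remote_addr;
Reload the Nginx configuration:
/usr/local/nginx/sbin/nginx -s reload
The client's real IP is now stored in the $_SERVER['HTTP_X_REAL_IP'] variable. In a PHP program, outputting:
echo $_SERVER['HTTP_X_REAL_IP'];
gives the user's real IP.
Edit wp-config.php in the WordPress root directory:
Add on the second line: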
if (isset($_SERVER['HTTP_X_REAL_IP'])) {
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];
}
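Save and exit. Done!
2. Using the HTTP_X_FORWARDED_FOR variable
No additional module needs to be installed.
Then add the following on the Nginx proxy front end, that is, server A:
proxy_set_header X-Forwarded-For $remote_addr;
Reload the Nginx configuration:
/usr/local/nginx/sbin/nginx -s reload
The client's real IP is now stored in the $_SERVER['HTTP_X_FORWARDED_FOR'] variable.
Edit wp-config.php in the WordPress root directory:
Add on the second line: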
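if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    // The header is a comma-separated list; explode() returns an array,
    // so take the first entry rather than assigning the whole array.
    $ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
    $_SERVER['REMOTE_ADDR'] = trim($ips[0]);
}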

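Save and exit. Done!
Now try adding a new comment in WP and check whether the real IP is used.
This method is not limited to WordPress; by the same reasoning it can be applied to other similar environments.
If a PHP program outputs the following: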
<?php
print_r($_SERVER);
?>
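you will get information similar to the figure below:

In the figure,
REMOTE_ADDR is the IP address of the front-end Nginx proxy, that is, server A.
HTTP_X_REAL_IP is the user's real IP address; this one is useful.
HTTP_X_FORWARDED_FOR is also the user's real IP address; this one is useful too. If the request passes through many hops, it will contain a list of IP addresses separated by ",".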
Reposted from: http://admclub.com/view/wordpress-nginx-proxy%E5%8F%96%E5%BE%97%E7%9C%9F%E5%AE%9Eip


Stack Overflow answer:
http://stackoverflow.com/questions/3003145/how-to-get-client-ip-address

Whatever you do, make sure not to trust data sent from the client. $_SERVER['REMOTE_ADDR'] contains the real IP address of the connecting party. That is the most reliable value you can find.
However, they can be behind a proxy server in which case the proxy may have set the $_SERVER['HTTP_X_FORWARDED_FOR'], but this value is easily spoofed. For example, it can be set by someone without a proxy, or the IP can be an internal IP from the LAN behind the proxy.
This means that if you are going to save the $_SERVER['HTTP_X_FORWARDED_FOR'], make sure you also save the $_SERVER['REMOTE_ADDR'] value. E.g. by saving both values in different fields in your database.


Basic Nginx configuration (reposted from Zhang Yan):
user www www;

worker_processes 10;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid    logs/nginx.pid;

# Maximum number of open file descriptors
worker_rlimit_nofile 51200;

events
{
   use epoll;

   worker_connections 51200;
}

http
{
   include    conf/mime.types;
   default_type application/octet-stream;

   keepalive_timeout 120;

   tcp_nodelay on;

   upstream www.s135.com {
       server 192.168.1.2:80;
       server 192.168.1.3:80;
       server 192.168.1.4:80;
       server 192.168.1.5:80;
   }

   upstream blog.s135.com {
       server 192.168.1.7:8080;
       server 192.168.1.7:8081;
       server 192.168.1.7:8082;
   }

   server
   {
       listen 80;
       server_name www.s135.com;

       location / {
         proxy_pass    http://www.s135.com;
         proxy_set_header Host            $host;
         proxy_set_header X-Real-IP       $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }

       log_format www_s135_com '$remote_addr - $remote_user [$time_local] $request '
                '"$status" $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';
       access_log /data1/logs/www.log www_s135_com;
   }

   server
   {
       listen 80;
       server_name blog.s135.com;

       location / {
         proxy_pass    http://blog.s135.com;
         proxy_set_header Host            $host;
         proxy_set_header X-Real-IP       $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }

       log_format blog_s135_com '$remote_addr - $remote_user [$time_local] $request '
                '"$status" $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';
       access_log /data1/logs/blog.log blog_s135_com;
   }
}

With this configuration, the client IP can be obtained as follows:


function getIP() {
    // Note: X-Forwarded-For may hold a comma-separated list of addresses.
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        return $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else if (isset($_SERVER['HTTP_X_REAL_IP'])) {
        return $_SERVER['HTTP_X_REAL_IP'];
    } else if (isset($_SERVER['REMOTE_ADDR'])) {
        return $_SERVER['REMOTE_ADDR'];
    } else {
        return '';
    }
}
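
The Stack Overflow answer above warns that X-Forwarded-For is easily spoofed, and with $proxy_add_x_forwarded_for the header can carry client-supplied entries ahead of the one Nginx appends. The following is an added example, not code from the original post or from WordPress: it honours the header only when REMOTE_ADDR is a known proxy and reads the list from the right. TRUSTED_PROXIES, client_ip() and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example. TRUSTED_PROXIES is an assumed list: replace it with the
// address(es) of your own Nginx front end (server A).
const TRUSTED_PROXIES = ['192.168.1.1']; // constructed sample value

/**
 * Return the client IP, honouring X-Forwarded-For only when the TCP peer
 * (REMOTE_ADDR) is one of our own proxies.
 */
function client_ip(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    // Direct connection or unknown peer: forwarded headers are client-controlled.
    if (!in_array($peer, $trusted, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    // $proxy_add_x_forwarded_for appends the peer Nginx saw to whatever the
    // client sent, so walk the list from the right and stop at the first
    // address that is not one of our proxies.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the header
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed sample requests: one relayed by the proxy with a client-supplied
// first entry, and one sent straight to the backend with a forged header.
$relayed = ['REMOTE_ADDR' => '192.168.1.1',
            'HTTP_X_FORWARDED_FOR' => '10.9.9.9, 203.0.113.7'];
$direct  = ['REMOTE_ADDR' => '198.51.100.4',
            'HTTP_X_FORWARDED_FOR' => '127.0.0.1'];

echo client_ip($relayed), PHP_EOL;
echo client_ip($direct), PHP_EOL;

// In wp-config.php the call would be:
// $_SERVER['REMOTE_ADDR'] = client_ip($_SERVER);
```

As the Stack Overflow answer suggests, log the original REMOTE_ADDR alongside the derived value so both remain available for later investigation.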