Ourx Ourx - 4 months ago 32
PHP Question

nginx real client ip not working

i have nginx, php7 and http_realip_module installed.

i have 1 server that serves 2 websites.

site 1 nginx config:

server {
...
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_read_timeout 300;

proxy_set_header REMOTE_ADDR $http_x_real_ip;
proxy_set_header X-Forwarded-For $http_x_real_ip;
}
}


this populates the client's IP address when i dump $_SERVER['REMOTE_ADDR"].

site 1 connects to site 2 using curl like a simply api.

$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLOPT_URL, $serverUrl);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
"REMOTE_ADDR: ".$_SERVER['REMOTE_ADDR'],
"HTTP_X_FORWARDED_FOR: ".$_SERVER['REMOTE_ADDR'],
));
$result = curl_exec($ch);


site 2 nginx config:

server {
...
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_read_timeout 300;

set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

}
}


i can see that the script on site 2 gets called, but when i check the $_SERVER['REMOTE_ADDR'] variable in PHP it comes up with the server's IP address rather than the client's ip address. is the nginx setup correct here?

how can i get this to work correctly?

Answer

After some discussion and some trial/error below, we've found the best solution was to simply pass it through a $_GET parameter.

Try using a completely custom header:

curl_setopt($ch, CURLOPT_URL, $serverUrl . '?client_ip=' . $_SERVER['REMOTE_ADDR']);

Because you're simply forwarding this variable on, it's not really necessary to try and tailor it to a header.

After even further discussion, I found that nginx strips headers with underscores by default. Simply changing the underscores to dashes allows the end host to get the headers:

curl_setopt($ch, CURLOPT_HTTPHEADER, array( 
    "X-CLIENT-REMOTE-IP: " . $_SERVER['REMOTE_ADDR']
));
Comments