fix: wrong IP address with CDN

4 years ago · f0b699a1f9
4 changed files with 66 additions and 16 deletions
--- a/README.md
+++ b/README.md
@ -163,6 +163,39 @@ shell> vim ip.conf
 shell> nginx -s reload
 ```

+### 特殊情况
+
+在一些情况下，可能Nginx无法直接监听80与443端口，而是通过前置服务转发到指定端口，这种情况下配置文件需要稍加改动，同时前置服务器应开启 `Proxy Protocol` 支持。
+
+```
+# http流量转发到TCP/81端口
+server {
+    listen 81 proxy_protocol;
+    listen [::]:81 proxy_protocol;
+    server_name ip.343.re; # 改为自己的域名
+    location / {
+        if ($http_user_agent !~* (curl|wget)) {
+            return 301 https://$server_name$request_uri;
+        }
+        proxy_set_header X-Real-IP $proxy_protocol_addr;
+        proxy_pass http://127.0.0.1:1601;
+    }
+}
+
+# https流量转发到TCP/444端口
+server {
+    listen 444 ssl http2 proxy_protocol;
+    listen [::]:444 ssl http2 proxy_protocol;
+    server_name ip.343.re; # 改为自己的域名
+    ssl_certificate /etc/ssl/certs/343.re/fullchain.pem; # 改为自己的证书
+    ssl_certificate_key /etc/ssl/certs/343.re/privkey.pem;
+    location / {
+        proxy_set_header X-Real-IP $proxy_protocol_addr;
+        proxy_pass http://127.0.0.1:1601;
+    }
+}
+```
+
 ## 开发资料

 ### Docker容器
@ -170,7 +203,7 @@ shell> nginx -s reload
 制作echoIP镜像

 ```
-shell> docker build -t echoip https://github.com/dnomd343/echoIP.git#main
+shell> docker build -t echoip https://github.com/dnomd343/echoIP.git#master
 ```

 启动容器
@ -206,7 +239,7 @@ shell> docker exec -it echoip bash

 ### IPIP.net

-离线数据库，在 [官网](https://www.ipip.net/product/ip.html) 登录后即可下载，国内可精确到市，格式为ipdb，数据不定期更新。
+离线数据库，在[官网](https://www.ipip.net/product/ip.html)登录后即可下载，国内可精确到市，格式为ipdb，数据不定期更新。

 数据库文件位于 `backend/ipipfree.ipdb`， 查询代码位于 `backend/ipip.php`

--- a/backend/queryInfo.php
+++ b/backend/queryInfo.php
@ -126,9 +126,20 @@ function tryCIDR($beginIP, $endIP) { // 给定IP范围，尝试计算CIDR
 }

 function main() {
-    $ip = $_GET['ip'];
+    $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; // 获取客户端IP
+    if ($_GET['justip'] == "true") { // 仅查询IP地址
+        if ($_GET['cli'] == "true") { // 命令行模式
+            echo $ip . PHP_EOL;
+        } else {
+            header('Content-Type: application/json; charset=utf-8');
+            echo '{"ip":"' . $ip . '"}'; // 返回JSON数据
+        }
+        exit;
+    }
+    $ip = isset($_GET['ip']) ? $_GET['ip'] : $ip; // 若存在请求信息则查询该IP
+
    if (!filter_var($ip, \FILTER_VALIDATE_IP)) { // 输入IP不合法
-        if ($_GET['cli'] == "true") {
+        if ($_GET['cli'] == "true") { // 命令行模式
            echo "Illegal IP format" . PHP_EOL;
        } else {
            $reply = array();
--- a/conf/nginx/docker.conf
+++ b/conf/nginx/docker.conf
@ -6,8 +6,9 @@ server {
    real_ip_header X-Real-IP;

    location = / {
+        set $empty "";
        if ($http_user_agent ~* (curl|wget)) {
-            return 200 $remote_addr\n;
+            proxy_pass http://127.0.0.1:8080/ip$empty;
        }
        index index.html;
    }
@ -21,10 +22,14 @@ server {
    }

    location = /ip {
+        set $query justip=true;
        if ($http_user_agent ~* (curl|wget)) {
-            return 200 $remote_addr\n;
+            set $query $query&cli=true;
        }
-        return 200 $remote_addr;
+        include fastcgi_params;
+        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+        fastcgi_param QUERY_STRING $query;
+        fastcgi_param SCRIPT_FILENAME /var/www/echoIP/backend/queryInfo.php;
    }

    location ~* ^/([^/]+?)$ {
@ -36,11 +41,9 @@ server {

    location ^~ /info {
        set $is_cli 0;
-        set $is_https 0;
        set $is_legal 0;
        if ($uri ~* ^/info/?$) {
            set $is_legal 1;
-            set $query ip=$remote_addr;
        }
        if ($uri ~* ^/info/([^/]+?)$) {
            set $is_legal 1;
@ -57,4 +60,4 @@ server {
        fastcgi_param QUERY_STRING $query;
        fastcgi_param SCRIPT_FILENAME /var/www/echoIP/backend/queryInfo.php;
    }
-}
+}
--- a/conf/nginx/ip.conf
+++ b/conf/nginx/ip.conf
@ -31,8 +31,9 @@ server {
    real_ip_header X-Real-IP;

    location = / {
+        set $empty "";
        if ($http_user_agent ~* (curl|wget)) {
-            return 200 $remote_addr\n;
+            proxy_pass http://127.0.0.1:1601/ip$empty;
        }
        index index.html;
    }
@ -46,10 +47,14 @@ server {
    }

    location = /ip {
+        set $query justip=true;
        if ($http_user_agent ~* (curl|wget)) {
-            return 200 $remote_addr\n;
+            set $query $query&cli=true;
        }
-        return 200 $remote_addr;
+        include fastcgi_params;
+        fastcgi_pass 127.0.0.1:9000; # php-fpm接口
+        fastcgi_param QUERY_STRING $query;
+        fastcgi_param SCRIPT_FILENAME /var/www/echoIP/backend/queryInfo.php;
    }

    location ~* ^/([^/]+?)$ {
@ -61,11 +66,9 @@ server {

    location ^~ /info {
        set $is_cli 0;
-        set $is_https 0;
        set $is_legal 0;
        if ($uri ~* ^/info/?$) {
            set $is_legal 1;
-            set $query ip=$remote_addr;
        }
        if ($uri ~* ^/info/([^/]+?)$) {
            set $is_legal 1;
@ -82,4 +85,4 @@ server {
        fastcgi_param QUERY_STRING $query;
        fastcgi_param SCRIPT_FILENAME /var/www/echoIP/backend/queryInfo.php;
    }
-}
+}