From f0b699a1f9ba85f56655e2089961becb969d1e14 Mon Sep 17 00:00:00 2001
From: Dnomd343
Date: Fri, 23 Apr 2021 20:45:17 +0800
Subject: [PATCH] fix: wrong IP address with CDN
---
 README.md | 37 +++++++++++++++++++++++++++++++++++--
 backend/queryInfo.php | 15 +++++++++++++--
 conf/nginx/docker.conf | 15 +++++++++------
 conf/nginx/ip.conf | 15 +++++++++------
 4 files changed, 66 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index aaddcde..c3aaf03 100644
--- a/README.md
+++ b/README.md
@@ -163,6 +163,39 @@ shell> vim ip.conf
 shell> nginx -s reload
 ```
+### 特殊情况
+
+在一些情况下,可能Nginx无法直接监听80与443端口,而是通过前置服务转发到指定端口,这种情况下配置文件需要稍加改动,同时前置服务器应开启 `Proxy Protocol` 支持。
+
+```
+# http流量转发到TCP/81端口
+server {
+ listen 81 proxy_protocol;
+ listen [::]:81 proxy_protocol;
+ server_name ip.343.re; # 改为自己的域名
+ location / {
+ if ($http_user_agent !~* (curl|wget)) {
+ return 301 https://$server_name$request_uri;
+ }
+ proxy_set_header X-Real-IP $proxy_protocol_addr;
+ proxy_pass http://127.0.0.1:1601;
+ }
+}
+
+# https流量转发到TCP/444端口
+server {
+ listen 444 ssl http2 proxy_protocol;
+ listen [::]:444 ssl http2 proxy_protocol;
+ server_name ip.343.re; # 改为自己的域名
+ ssl_certificate /etc/ssl/certs/343.re/fullchain.pem; # 改为自己的证书
+ ssl_certificate_key /etc/ssl/certs/343.re/privkey.pem;
+ location / {
+ proxy_set_header X-Real-IP $proxy_protocol_addr;
+ proxy_pass http://127.0.0.1:1601;
+ }
+}
+```
+
 ## 开发资料
 ### Docker容器
@@ -170,7 +203,7 @@ shell> nginx -s reload
 制作echoIP镜像
 ```
-shell> docker build -t echoip https://github.com/dnomd343/echoIP.git#main
+shell> docker build -t echoip https://github.com/dnomd343/echoIP.git#master
 ```
 启动容器
@@ -206,7 +239,7 @@ shell> docker exec -it echoip bash
 ### IPIP.net
-离线数据库,在 [官网](https://www.ipip.net/product/ip.html) 登录后即可下载,国内可精确到市,格式为ipdb,数据不定期更新。
+离线数据库,在[官网](https://www.ipip.net/product/ip.html)登录后即可下载,国内可精确到市,格式为ipdb,数据不定期更新。
 数据库文件位于 `backend/ipipfree.ipdb`, 查询代码位于 `backend/ipip.php`
diff --git a/backend/queryInfo.php b/backend/queryInfo.php
index 324559b..a9a1acf 100644
--- a/backend/queryInfo.php
+++ b/backend/queryInfo.php
@@ -126,9 +126,20 @@ function tryCIDR($beginIP, $endIP) { // 给定IP范围,尝试计算CIDR
 }
 function main() {
- $ip = $_GET['ip'];
+ $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; // 获取客户端IP
+ if ($_GET['justip'] == "true") { // 仅查询IP地址
+ if ($_GET['cli'] == "true") { // 命令行模式
+ echo $ip . PHP_EOL;
+ } else {
+ header('Content-Type: application/json; charset=utf-8');
+ echo '{"ip":"' . $ip . '"}'; // 返回JSON数据
+ }
+ exit;
+ }
+ $ip = isset($_GET['ip']) ? $_GET['ip'] : $ip; // 若存在请求信息则查询该IP
+
 if (!filter_var($ip, \FILTER_VALIDATE_IP)) { // 输入IP不合法
- if ($_GET['cli'] == "true") {
+ if ($_GET['cli'] == "true") { // 命令行模式
 echo "Illegal IP format" . PHP_EOL;
 } else {
 $reply = array();
diff --git a/conf/nginx/docker.conf b/conf/nginx/docker.conf
index 57e1f0e..a58627f 100644
--- a/conf/nginx/docker.conf
+++ b/conf/nginx/docker.conf
@@ -6,8 +6,9 @@ server {
 real_ip_header X-Real-IP;
 location = / {
+ set $empty "";
 if ($http_user_agent ~* (curl|wget)) {
- return 200 $remote_addr\n;
+ proxy_pass http://127.0.0.1:8080/ip$empty;
 }
 index index.html;
 }
@@ -21,10 +22,14 @@ server {
 }
 location = /ip {
+ set $query justip=true;
 if ($http_user_agent ~* (curl|wget)) {
- return 200 $remote_addr\n;
+ set $query $query&cli=true;
 }
- return 200 $remote_addr;
+ include fastcgi_params;
+ fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+ fastcgi_param QUERY_STRING $query;
+ fastcgi_param SCRIPT_FILENAME /var/www/echoIP/backend/queryInfo.php;
 }
 location ~* ^/([^/]+?)$ {
@@ -36,11 +41,9 @@ server {
 location ^~ /info {
 set $is_cli 0;
- set $is_https 0;
 set $is_legal 0;
 if ($uri ~* ^/info/?$) {
 set $is_legal 1;
- set $query ip=$remote_addr;
 }
 if ($uri ~* ^/info/([^/]+?)$) {
 set $is_legal 1;
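Review bot: In `main()` of backend/queryInfo.php the new `$ip` is taken from `HTTP_X_FORWARDED_FOR` whenever that header is present, and the `justip` branch echoes it before the `filter_var` check runs, so a value chosen by the requester (or a comma-separated proxy list) is written verbatim into the plain-text reply and into the hand-built JSON string. The header is only trustworthy when the front proxy or CDN overwrites it; nginx hands request headers to FastCGI as `HTTP_*` parameters by default, and nothing visible in the new `location = /ip` blocks of conf/nginx/docker.conf and conf/nginx/ip.conf strips a client-supplied copy. The fence below validates the forwarded candidate before use, falls back to `REMOTE_ADDR` otherwise, and builds the reply with `json_encode`; the `isset()` guards on `$_GET['justip']` and `$_GET['cli']` also avoid undefined-index notices. `main()` continues past the end of the hunk.

```php
    $ip = $_SERVER['REMOTE_ADDR'];
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // Which list entry is trustworthy depends on the proxy chain in front of this host;
        // never use the raw header value without validating it.
        $forwarded = trim(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0]);
        if (filter_var($forwarded, \FILTER_VALIDATE_IP)) {
            $ip = $forwarded;
        }
    }
    if (isset($_GET['justip']) && $_GET['justip'] == "true") {
        if (isset($_GET['cli']) && $_GET['cli'] == "true") {
            // … unchanged: plain-text echo of $ip …
        } else {
            // … unchanged: Content-Type header …
            echo json_encode(array('ip' => $ip));
        }
        // … unchanged: exit …
    }
    // … unchanged: ?ip= override and filter_var validation …
```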
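Review bot: In `location = /` of conf/nginx/docker.conf (and the matching hunk in conf/nginx/ip.conf) the curl/wget branch now issues a second HTTP request to a hard-coded loopback port (`8080` here, `1601` in ip.conf) through `proxy_pass` inside `if`, with `$empty` apparently present only so that `proxy_pass` may carry a URI in that context. The inner request arrives from 127.0.0.1, so the address finally reported depends on the forwarded headers being passed along and, presumably, on a `set_real_ip_from` entry outside the hunk. An internal redirect keeps the original connection and removes the port coupling: replace the `proxy_pass` line with `rewrite ^ /ip last;` and drop `set $empty "";`, after which `location = /ip` applies its own user-agent check. The `server` block starts before the hunk.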
@@ -57,4 +60,4 @@ server {
 fastcgi_param QUERY_STRING $query;
 fastcgi_param SCRIPT_FILENAME /var/www/echoIP/backend/queryInfo.php;
 }
-}
+}
\ No newline at end of file
diff --git a/conf/nginx/ip.conf b/conf/nginx/ip.conf
index 046cff8..a004feb 100644
--- a/conf/nginx/ip.conf
+++ b/conf/nginx/ip.conf
@@ -31,8 +31,9 @@ server {
 real_ip_header X-Real-IP;
 location = / {
+ set $empty "";
 if ($http_user_agent ~* (curl|wget)) {
- return 200 $remote_addr\n;
+ proxy_pass http://127.0.0.1:1601/ip$empty;
 }
 index index.html;
 }
@@ -46,10 +47,14 @@ server {
 }
 location = /ip {
+ set $query justip=true;
 if ($http_user_agent ~* (curl|wget)) {
- return 200 $remote_addr\n;
+ set $query $query&cli=true;
 }
- return 200 $remote_addr;
+ include fastcgi_params;
+ fastcgi_pass 127.0.0.1:9000; # php-fpm接口
+ fastcgi_param QUERY_STRING $query;
+ fastcgi_param SCRIPT_FILENAME /var/www/echoIP/backend/queryInfo.php;
 }
 location ~* ^/([^/]+?)$ {
@@ -61,11 +66,9 @@ server {
 location ^~ /info {
 set $is_cli 0;
- set $is_https 0;
 set $is_legal 0;
 if ($uri ~* ^/info/?$) {
 set $is_legal 1;
- set $query ip=$remote_addr;
 }
 if ($uri ~* ^/info/([^/]+?)$) {
 set $is_legal 1;
@@ -82,4 +85,4 @@ server {
 fastcgi_param QUERY_STRING $query;
 fastcgi_param SCRIPT_FILENAME /var/www/echoIP/backend/queryInfo.php;
 }
-}
\ No newline at end of file
+}