User Tools

Site Tools


Translations of this page:



nginx

Nginx

Nginx is a high-performance HTTP server that typically outperforms Apache in request handling due to its event-driven, non-threaded architecture and lack of heavyweight modules. Nginx is commonly utilized for serving static content from domains/servers with high traffic volumes.

An increasingly prevalent architecture involves a front-end Nginx server paired with a back-end Apache server in a reverse proxy configuration. In this setup, Nginx acts as the front-line server, accepting all incoming connections and efficiently serving static assets. Concurrently, it proxies requests for dynamic content and server-side scripting to the Apache backend. This division of labor leverages the respective strengths of each server, resulting in improved overall performance when serving a blend of static and dynamic content from the same host.

Error 1 - the same IP address

The trade script logs client IP addresses. By default, when Nginx forwards a request to Apache, the latter perceives the request as originating from the loopback address (127.0.0.1) since Nginx operates on the same server.

So the potential configuration pitfall occurs when Apache perceives all requests as originating from the server's IP address rather than the actual client IP. Consequently, the server-side script will log all requests as coming from a single IP, potentially triggering IP-based rate-limiting or protection mechanisms.

This scenario can be identified when the script detects a match between the server IP and the reported client IP, accompanied by an error message: “Nginx ↔ Apache ERROR $_SERVER[SERVER_ADDR] == $_SERVER[REMOTE_ADDR], please, contact admin.”

To rectify this issue and enable proper IP tracking for trade scripts, the mod_realip module should be installed for Apache, and the Nginx configuration amended to populate the X_REAL_IP header with the actual client IP address.

The desired outcome when accessing /scj/admin/test.php should be: REMOTE_ADDR reflecting the client's IP, not the server IP or 127.0.0.1.

Error 2 - proxy warning

Another common misconfiguration involves the server IP being transmitted not only in the REAL_IP header but also in the HTTP_FORWARDED_FOR header.

This can be detected by accessing /scj/admin/test.php and observing the client IP in the HTTP_FORWARDED_FOR field.

Systems that identify proxies based on the HTTP_FORWARDED_FOR header may erroneously interpret all requests as originating from a proxy, leading to potential issues.

The resolution is to configure Nginx to populate only the REAL_IP header with the client IP address. After applying the fix, accessing /scj/admin/test.php should display the following:

REMOTE_ADDR and REAL_IP: the client's actual IP address
SERVER_ADDR (SERVER_IP): the server's IP address (logically differing from the client IP)
HTTP_FORWARDED_FOR (or HTTP_X_FORWARDED_FOR): absent

Error 2

When nginx passes surfer's ip not only in REAL_IP, but in HTTP_FORWARED_FOR (or HTTP_X_FORWARDED_FOR) as well.

How to check : open /scj/admin/test.php, look for HTTP_FORWARED_FOR (

HTTP_FORWARED_FOR is a field basicly added by proxies, so if SmartCJ sees this field it thinks that a hit comes via proxy.

How to fix: ask admin to pass ip in REAL_IP only. After you have it fixed make sure there's no field HTTP_FORWARED_FOR in /scj/admin/test.php

REMOTE_ADDR and REAL_IP - your real IP, SERVER_ADDR - server's IP (and server's ip and yours are not the same), HTTP_FORWARED_FOR doesnt exists.

nginx.txt · Last modified: 2024/05/27 08:51 by admin