In most cases, if the request passes through a third-party proxy, the client address received by OpenResty Edge will be the address of the proxy server.
Sometimes, we need to obtain the real client IP address for condition judgment, request frequency limitation, logging and other scenarios.
Set the "Real Source IP Trust Address" and "Real IP Source" in the global configuration
Let's goOpenResty EdgeAdmin Web Console for.This is a sample deployment of our console.Each user has its own local deployment.
First, enter the "Global Config" page.
Multiple configurations are required here.
First, we need to setTrusted hosts to set real IP。
Trusted hosts to set real IPYes Allow settingReal IP headerList of IP addresses for.If the request comes from an untrusted host,Real IP headerWill be ignored.
Enter IP address52.53.251.226。
Next, we need to specify the request header with the real IP address of the proxy.Generally, yesX_Forwarded_For。
If there are multiple IP addresses in the request header, the system will use the last IP address in the list.
preservation.
We need to publish to push this new change.
Click this button.
release!
The changes have now been synchronized to all gateway servers.Now, the changes just made have been pushed to all gateway clusters and servers.
Our configuration changes do not require server reload, restart, or binary upgrade.So it is very efficient and scalable.
Configure the app to output the client address
Now let's set the application to output the client address.
We can continue to use the previous example application, test-edge.com.
Enter the application.
Go to the Page Rules page.
We have defined a page rule.This page rule sets a reverse proxy to an upstream.
We will use EdgeLang to create a page rule to output the client address.We have introduced EdgeLang in a special video.
Click the "Edit" button.
If the condition is set to true, it means that the next part will be executed in any case.
Output the client address.
preservation.
As usual, we need to publish to push this new change.
Click this button.
release!
The changes have now been synchronized to all gateway servers.
Verify the client address received in OpenResty Edge
We will make a request to the gateway server and verify thatOpenResty EdgeThe client address received on.
We log in to the remote server in the United States through the terminal and use it as a proxy.
usecurlThe command line tool sends HTTP requests.
curl http://test-edge.com/
As you can see, the output client address is the proxy address.
Next, we will send a message withX-Forwarded-ForThe HTTP request in the header contains the real client address.
As you can see, the output client address is the proxy address.
The real IP will affect all transactions related to the client IP.
Let's look at some examples.Client cityandClient addressWill be affected.
Limit request rateMovement will also be affected.
However, the ability to limit the SSL or TLS handshake rate of HTTPS requests will not be affected because the client address is not rewritten during the handshake.
About OpenResty Edge
OpenResty EdgeIt is a fully functional gateway software that we independently developed and is most suitable for microservices and distributed traffic.It provides various functions such as page rules, Web Application Firewall (WAF), load balancing, etc.
Zhang Yichun is open sourceOpenResty®Project founder andOpenResty Inc.CEO and founder of the company.
Zhang Yichun (Github ID: agentzh) was born in Jiangsu, China, and now lives in the U.S. Bay Area.He was an advocate and leader of China's early open source technology and culture, and once worked for many internationally renowned high-tech enterprises, such asCloudflareYahoo, Alibaba, the pioneer of "edge computing", "dynamic tracking" and "machine programming", has more than 22 years of programming and 16 years of open source experience. As the leader of open source projects with more than 40 million global domain name users, heOpenResty®High tech enterprises created by open source projectsOpenResty Inc.It is located in the center of Silicon Valley in the United States.Its two main productsOpenResty XRay(UtilizeDynamic trackingTechnology) andOpenResty Edge(The all-purpose gateway software most suitable for microservices and distributed traffic), widely favored by many listed and large enterprises worldwide.Besides OpenResty, Zhang Yichun has contributed more than one million lines of code to many open source projects, including Linux kernel, NginxLuaJIT、GDB、SystemTap、LLVM, Perl, etc., and has written more than 60 open source software libraries.
Follow us
If you like this article, please follow usOpenResty Inc.CorporateBlog Site。You are also welcome to scan our WeChat official account:
translate
We provideEnglish versionOriginal text and Chinese translation (this article).We also welcome readers to provide translations in other languages. As long as the full text translation is not omitted, we will consider using it. Thank you very much!
Related articles
OpenResty XRayJun 5, 2023
OpenResty XRayUpdated on Apr 10, 2024Estimated reading time: 5 minutes
Configuring SNI Proxy in OpenResty Edge
Create an application of SNI Proxy type
Create upstream and page rules for this application
Test the application of SNI Proxy type
Create an application of SNI Proxy type
Create upstream and page rules for this application
Test the application of SNI Proxy type
OpenResty XRayMay 29, 2023
OpenResty XRayUpdated on Apr 10, 2024Estimated reading time: 4 minutes
Use OpenResty Edge to load balance TCP applications
Create TCP application
Create upstream and page rules for TCP applications
Test TCP application
Create TCP application
Create upstream and page rules for TCP applications
Test TCP application
OpenResty XRayApr 25, 2023
OpenResty XRayUpdated on Apr 10, 2024Estimated reading time: 4 minutes
Configuring the Distributed gRPC Proxy in OpenResty Edge
GRPC sample server and sample service
Use gRPC server as upstream
Test gRPC service
GRPC sample server and sample service
Use gRPC server as upstream
Test gRPC service
OpenResty XRayApr 19, 2023
OpenResty XRayUpdated on Apr 10, 2024Estimated reading time: 5 minutes
Gateway small language EdgeLang in OpenResty Edge
Introduction to Edgelang
Add page rules defined by Edgelang
test
Modify the Edgelang definition of page rules
Define WAF rules using Edgelang
Edgelang User Manual
Introduction to Edgelang
Add page rules defined by Edgelang
test
Modify the Edgelang definition of page rules
Define WAF rules using Edgelang
Edgelang User Manual
OpenResty XRayMar 1, 2022
OpenResty XRayUpdated on Apr 10, 2024Estimated reading time: 4 minutes
Limit request rate in OpenResty Edge (use custom key)
Add a page rule that limits the request rate for the app
test
Limit the rate of SSL handshakes
Add a page rule that limits the request rate for the app
test
Limit the rate of SSL handshakes
Article Contents
Popular articles
OpenResty XRayMay 2, 2016
OpenResty XRayMay 2, 2016
Random talk on dynamic tracking technology
What is dynamic tracking
Advantages of dynamic tracking
DTrace and SystemTap
Application of SystemTap in production
Flame diagram
Methodology
Knowledge is power
Open source and debugging symbols
Linux kernel support
Hardware Tracking
Analysis of the remains of the death process
Traditional debugging technology
A messy debugging world
OpenResty XRay
OpenResty XRaySep 7, 2020
OpenResty XRaySep 7, 2020
Introduction to Lua level CPU flame diagram
What is a flame diagram
Simple Lua sample
Complex Lua applications
Sampling overhead
Security
compatibility
Other types of Lua level flame diagram
OpenResty XRayAug 10, 2020
OpenResty XRayAug 10, 2020
Memory fragmentation in OpenResty and Nginx shared memory areas
Empty shared memory area
Fill similar sized entries
Remove Odd Keys
Delete the key in the first half
Mitigate memory fragmentation
OpenResty XRayAug 4, 2020
OpenResty XRayAug 4, 2020
How does OpenResty and Nginx's shared memory consume physical memory
Slab and memory page
Allocated memory may not be consumed
Spurious memory leak
HUP Reload
OpenResty XRayJan 21, 2020
OpenResty XRayJan 21, 2020
How OpenResty and Nginx allocate and manage memory
System level
Application level
Traditional Nginx server
OPENRESTYApr 25, 2019
OPENRESTYApr 25, 2019
Long term recruitment of outstanding talents
Back end engineer/system engineer
Sales Engineer
Latest articles
OpenResty XRayMay 12, 2024
OpenResty XRayMay 12, 2024
Introduction to OpenResty XRay Mobile Applications
Download and install OpenResty XRay for Android
Log in to OpenResty XRay
Fully automated analysis report
View performance chart data on the dashboard page
Guided analysis function
OpenResty XRayMay 11, 2024
OpenResty XRayMay 11, 2024
Online locating large memory objects in the PHP process (using OpenResty XRay)
Problem: Memory usage is too high
Locating large memory objects or values in the PHP process
Fully automated analysis and reporting
OpenResety EdgeMay 8, 2024
OpenResety EdgeMay 8, 2024
Enable automatic health check of gateway server in OpenResty Edge
Create a new page rule
Enable health check
test result
About OpenResty Edge
OpenResety EdgeApr 28, 2024
OpenResety EdgeApr 28, 2024
How to use gateway partition in OpenResty Edge
Create a new partition
Create a new application in the new partition
Create a new page rule
Test the new partition
About OpenResty Edge
OpenResety EdgeApr 10, 2024
OpenResety EdgeApr 10, 2024
Precisely restore the real client IP address in OpenResty Edge
Set the "Real Source IP Trust Address" and "Real IP Source" in the global configuration
Configure the app to output the client address
Verify the client address received in OpenResty Edge
About OpenResty Edge
Related articles
OpenResety EdgeJun 5, 2023
OpenResety EdgeJun 5, 2023
Configuring SNI Proxy in OpenResty Edge
Create an application of SNI Proxy type
Create upstream and page rules for this application
Test the application of SNI Proxy type
OpenResety EdgeMay 29, 2023
OpenResety EdgeMay 29, 2023
Use OpenResty Edge to load balance TCP applications
Create TCP application
Create upstream and page rules for TCP applications
Test TCP application
OpenResety EdgeApr 25, 2023
OpenResety EdgeApr 25, 2023
Configuring the Distributed gRPC Proxy in OpenResty Edge
GRPC sample server and sample service
Use gRPC server as upstream
Test gRPC service
OpenResety EdgeApr 19, 2023
OpenResety EdgeApr 19, 2023
Gateway small language EdgeLang in OpenResty Edge
Introduction to Edgelang
Add page rules defined by Edgelang
test
Modify the Edgelang definition of page rules
Define WAF rules using Edgelang
Edgelang User Manual
OpenResety EdgeMar 1, 2022
OpenResety EdgeMar 1, 2022
Limit request rate in OpenResty Edge (use custom key)
Add a page rule that limits the request rate for the app