参考资料：《在 ELB 后面的 Web 服务器日志中捕获客户端 IP 地址》| AWS re:Post
AWS 负载均衡需要额外配置，后端才能查看客户端的原始 IP
1 配置负载均衡器的 Proxy Protocol 策略
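# Enable Proxy Protocol on a Classic Load Balancer so the backend can see the
# original client address. "exxx" is the author's redacted load balancer name.
# Proxy Protocol on a Classic Load Balancer applies to TCP/SSL listeners, not
# HTTP/HTTPS ones. Once the policy is attached, the backend port must expect
# the PROXY header (nginx: "listen ... proxy_protocol").

# 1) Create the policy. Policies are per load balancer, so every command below
#    must use the same --load-balancer-name as this one.
aws elb create-load-balancer-policy \
    --load-balancer-name exxx \
    --policy-name realIPProxyProtocol \
    --policy-type-name ProxyProtocolPolicyType \
    --policy-attributes AttributeName=ProxyProtocol,AttributeValue=true

# 2) Attach the policy to backend (instance) ports 443 and 80.
aws elb set-load-balancer-policies-for-backend-server \
    --load-balancer-name exxx \
    --instance-port 443 \
    --policy-names realIPProxyProtocol
aws elb set-load-balancer-policies-for-backend-server \
    --load-balancer-name exxx \
    --instance-port 80 \
    --policy-names realIPProxyProtocol

# 3) Verify: the output should list realIPProxyProtocol for both instance ports.
aws elb describe-load-balancers --load-balancer-name exxx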
2 修改nginx.conf
# Access-log format "main".
# $remote_addr is the address of the connecting peer. Behind the load balancer
# that is the load balancer itself, unless the realip module rewrites it.
# $proxy_protocol_addr is the client address taken from the PROXY protocol
# header. It is only populated on listeners declared with "proxy_protocol".
log_format main
    '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$proxy_protocol_addr"';
3 修改nginx server配置
# Plain-HTTP virtual host: redirects every request to the HTTPS site.
server {
    # "proxy_protocol" makes nginx expect a PROXY protocol header at the start
    # of every connection on this port.
    # NOTE(review): the header is trusted from whichever peer connects, so the
    # instance security group should allow this port only from the load balancer.
    listen 80 default_server proxy_protocol;
    server_name mydomain;

    # "/logpath" is the author's placeholder, used for both logs here.
    # Point the access and error logs at separate files in a real deployment.
    access_log /logpath main;
    error_log /logpath info;

    # Permanent redirect to HTTPS, preserving the requested path.
    location / {
        rewrite ^(.*) https://mydomain$1 permanent;
    }
}
# HTTPS virtual host: TLS terminates here. Client addresses come from the PROXY
# protocol header, and access to the proxied application is limited by address.
server {
    # "proxy_protocol" makes nginx expect a PROXY protocol header before the TLS
    # handshake on every connection.
    # NOTE(review): the header is trusted from whichever peer connects, and
    # $proxy_protocol_addr is the only access-control input below. The instance
    # security group should therefore allow this port only from the load balancer.
    # NOTE(review): ssl_certificate / ssl_certificate_key are not shown in this
    # excerpt; presumably they are set elsewhere. Confirm.
    listen 443 ssl default_server proxy_protocol;
    server_name mydomain;

    access_log /access.log main;
    error_log /error.log info;

    # Hide these two management UIs (presumably Tomcat's, given the note below).
    # These are prefix matches. Other manager paths are not covered here and
    # fall through to "location /", which is address-restricted.
    location /manager/html {
        return 404;
    }

    location /host-manager/html {
        return 404;
    }

    ### Don't log haproxy check
    # Health-check endpoint: always answers 200 and is kept out of the access log.
    location /check {
        access_log off;
        return 200;
    }
    ###

    #tomcat lab setting 15.8.24
    # Everything else is proxied to the upstream, for allowed client addresses only.
    # NOTE(review): "植允许的IP" is the author's placeholder for the allowed-address
    # pattern. "!~*" is an unanchored, case-insensitive regex test. The real
    # pattern should be anchored (^...$) with its dots escaped, otherwise longer
    # addresses that merely contain the pattern also pass. A geo or map block
    # keyed on $proxy_protocol_addr is the less error-prone alternative.
    location / {
        if ( $proxy_protocol_addr !~* "植允许的IP") {
            return 403;
        }
        proxy_pass http://upstring;
    }
    ##

    # Same address restriction for any URI containing "/commonImg". Regex
    # locations are tried in order of appearance, so this one wins over the
    # static-file location below, for example for "/commonImg/x.png".
    location ~ \/commonImg {
        if ( $proxy_protocol_addr !~* "植允许的IP") {
            return 403;
        }
        proxy_pass http://upstring;
    }

    # Static assets are served straight from /static with no address check.
    # Keep anything sensitive out of that directory (note .html and .txt match).
    location ~ \.(gif|jpg|png|html|css|txt|js|eot|ttf|woff2|svg)$ {
        root /static;
    }

    error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}