≡ Menu

How to log real user’s IP address with Nginx in log files

My nginx server is behind a reverse proxy load balancer. How can I show the correct client IP address in nginx log files when nginx is behind a load balancer?

If you are using nginx behind reverse proxies, load balancer and HTTPS front-end such as HAProxy/Pound, you may find hard to log or get the real IP address.

Fig.01: HAproxy LB and log the real user’s IP in Nginx log file instead of the proxy server

Fig.01: HAproxy LB and log the real user’s IP in Nginx log file instead of the proxy server

How to log the real user’s IP instead of the proxy server?

You need use the ngx_http_realip_module module. It is used to change the client address and optional port to the one sent in the specified header fields. Edit your nginx.conf or default.conf file:
$ sudo vi /etc/nginx/conf.d/default.conf
And set the following two directives:

    set_real_ip_from  192.168.1.4;
    real_ip_header    X-Forwarded-For;

Save and close the file.
Where,

  1. set_real_ip_from 192.168.1.4; Set trusted addresses that are known to send correct replacement addresses. 192.168.1.4 is my load balancer or reverse proxy server.
  2. real_ip_header X-Forwarded-For; You need to define the request header field whose value will be used to replace the client address. The X-Real-IP and X-Forwarded-For parameters contain client’s real IP address. This header is usually set in your load balancer or client IP address.

You must restart or reload your nginx server:
$ sudo service nginx restart
OR
$ systemctl reload nginx

Verification

Before setting set_real_ip_from in nginx.conf:
$ sudo tail -f /var/log/nginx/access.log
Sample outputs:

192.168.1.4 - - [18/Jan/2017:20:34:02 +0000] "GET / HTTP/1.0" 200 700 "https://theos.in/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"

After setting set_real_ip_from in nginx.conf:
$ sudo tail -f /var/log/nginx/access.log

204.55.22.11 - - [18/Jan/2017:20:34:02 +0000] "GET / HTTP/1.0" 200 700 "https://theos.in/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"

See also

Share this tutorial on:

Your support makes a big difference:
I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft, takes a lot of my time and hard work to produce. If you use nixCraft, who likes it, helps me with donations:
Become a Supporter →    Make a contribution via Paypal/Bitcoin →   

Don't Miss Any Linux and Unix Tips

Get nixCraft in your inbox. It's free:



{ 0 comments… add one }

Leave a Comment

You can use these HTML tags and attributes: <strong> <em> <pre> <code> <a href="" title="">


   Tagged with: , , , ,