'Forward IP Addresses - NGINX and IIS

We have a working NGINX redirecting our external users to our IIS server. The problem is that the IP seen by the IIS is the NGINX machine, not the IP from external users. Our logs are full of "10.0.0.2" IPs which is incorrect.

A similar configuration file is shown. We already included "proxy_set_header" lines.

Is this config file correct? What should be done at IIS server? Should we just include some topics at web.config file? If this is the case, what should we add?

server {
listen      10.0.0.2:443 ssl;
server_name web.mydomain.com;
ssl_certificate      /home/admin/conf/web/ssl.web.mydomain.com.pem;
ssl_certificate_key  /home/admin/conf/web/ssl.web.mydomain.com.key;
error_log  /var/log/apache2/domains/web.mydomain.com.error.log error;

location / {
    proxy_set_header        x-real-IP       Host    $host;
    proxy_set_header        X-Real-IP               $remote_addr;
    proxy_set_header        X-Forwarded-Proto       https;
    proxy_set_header        X-Forwarded-For         $remote_addr;
    proxy_set_header        X-Forwarded-Host        $remote_addr;
    proxy_pass      https://10.0.0.11;
    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf)$ {
        root           /home/admin/web/web.mydomain.com/public_html;
        access_log     /var/log/apache2/domains/web.mydomain.com.log combined;
        access_log     /var/log/apache2/domains/web.mydomain.com.bytes bytes;
        expires        max;
        try_files      $uri @fallback;
    }
}

location /error/ {
    alias   /home/admin/web/web.mydomain.com/document_errors/;
}

location @fallback {
    proxy_pass      https://10.0.0.11;
}

location ~ /\.ht    {return 404;}
location ~ /\.svn/  {return 404;}
location ~ /\.git/  {return 404;}
location ~ /\.hg/   {return 404;}
location ~ /\.bzr/  {return 404;}

include /home/admin/conf/web/snginx.web.mydomain.com.conf*;

}

nginxiisipiis-6


Solution 1:[1]

At first I though this would be something related to IIS/NGINX, but after @lex-li and @bruce-zhang repplies I researched more about it.

I actually did not know but inside our application (running at IIS) there are listeners to those headers, and those listeners were not properly implemented.

So it was just a misalignment between our application and NGINX.

Thanks both @lex-li and @bruce-zhang

Solution 2:[2]

You can use IIS enhanced logging to write custom headers like X-Forwarded-For to log files,

https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/logfile/customfields/add

There is no way to change the source IP field, because indeed that's IP address recorded in the TCP/HTTP packets.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 fabr
Solution 2 Lex Li

Related Questions

machine.config' is denied

ASP.NET: HTTP Error 500.19 – Internal Server Error 0x8007000d

The server response was: 5.7.0 Must issue a STARTTLS command first. i16sm1806350pag.18 - gsmtp

What is "AppOffline" which prevents my bot application from getting published to the IIS web server?

Getting error "403 - Forbidden: Access is denied" on browser when user is NOT administrator

Chrome WebDriver does not open when called from IIS

"There was an error while performing this operation"

Cannot establish connection to SQL Server

Is there a way to produce an alert when an IIS site goes down using Prometheus?

HTTP error 403.16 - client certificate trust issue

CSS, Images, JS not loading in IIS

Can't open web project because IIS Express is not installed (even though it is)

IIS font not applying

Testing web API service

WEBAPI not working when i add server ip address instead of name?