'Forward IP Addresses - NGINX and IIS

We have a working NGINX redirecting our external users to our IIS server. The problem is that the IP seen by the IIS is the NGINX machine, not the IP from external users. Our logs are full of "10.0.0.2" IPs which is incorrect.

A similar configuration file is shown. We already included "proxy_set_header" lines.

Is this config file correct? What should be done at IIS server? Should we just include some topics at web.config file? If this is the case, what should we add?

server {
listen      10.0.0.2:443 ssl;
server_name web.mydomain.com;
ssl_certificate      /home/admin/conf/web/ssl.web.mydomain.com.pem;
ssl_certificate_key  /home/admin/conf/web/ssl.web.mydomain.com.key;
error_log  /var/log/apache2/domains/web.mydomain.com.error.log error;

location / {
    proxy_set_header        x-real-IP       Host    $host;
    proxy_set_header        X-Real-IP               $remote_addr;
    proxy_set_header        X-Forwarded-Proto       https;
    proxy_set_header        X-Forwarded-For         $remote_addr;
    proxy_set_header        X-Forwarded-Host        $remote_addr;
    proxy_pass      https://10.0.0.11;
    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf)$ {
        root           /home/admin/web/web.mydomain.com/public_html;
        access_log     /var/log/apache2/domains/web.mydomain.com.log combined;
        access_log     /var/log/apache2/domains/web.mydomain.com.bytes bytes;
        expires        max;
        try_files      $uri @fallback;
    }
}

location /error/ {
    alias   /home/admin/web/web.mydomain.com/document_errors/;
}

location @fallback {
    proxy_pass      https://10.0.0.11;
}

location ~ /\.ht    {return 404;}
location ~ /\.svn/  {return 404;}
location ~ /\.git/  {return 404;}
location ~ /\.hg/   {return 404;}
location ~ /\.bzr/  {return 404;}

include /home/admin/conf/web/snginx.web.mydomain.com.conf*;

}



Solution 1:[1]

At first I though this would be something related to IIS/NGINX, but after @lex-li and @bruce-zhang repplies I researched more about it.

I actually did not know but inside our application (running at IIS) there are listeners to those headers, and those listeners were not properly implemented.

So it was just a misalignment between our application and NGINX.

Thanks both @lex-li and @bruce-zhang

Solution 2:[2]

You can use IIS enhanced logging to write custom headers like X-Forwarded-For to log files,

https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/logfile/customfields/add

There is no way to change the source IP field, because indeed that's IP address recorded in the TCP/HTTP packets.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 fabr
Solution 2 Lex Li