fix cdn ips

niiknow · Sep 27, 2022 · fbc97bd · fbc97bd
1 parent f3eda2c
commit fbc97bd
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 35 deletions.
diff --git a/files/etc/nginx/cdn-example.conf b/files/etc/nginx/cdn-example.conf
@@ -16,7 +16,7 @@ server {
 
     resolver                         8.8.8.8 8.8.4.4;
     proxy_redirect                   off;
-    proxy_set_header                 X-Real-IP       $remote_addr;
+    proxy_set_header                 X-Real-IP       $realip_remote_addr;
     proxy_set_header                 X-Forwarded-For $proxy_add_x_forwarded_for;
 
     proxy_connect_timeout            30s;
@@ -46,7 +46,7 @@ server {
         add_header                   Access-Control-Allow-Origin "*";
         add_header                   X-Cache $upstream_cache_status;
 
-        proxy_set_header             X-Forwarded-For $remote_addr;
+        proxy_set_header             X-Forwarded-For $realip_remote_addr;
 
         include                      /etc/nginx/sites-enabled/proxy-hide-headers.common;
 

diff --git a/files/etc/nginx/geoip2-download.sh b/files/etc/nginx/geoip2-download.sh
@@ -2,4 +2,4 @@
 #
 curl -sLo GeoLite2-ASN.mmdb https://git.io/GeoLite2-ASN.mmdb
 curl -sLo GeoLite2-City.mmdb https://git.io/GeoLite2-City.mmdb
-# curl -sLo GeoLite2-Country.mmdb https://git.io/GeoLite2-Country.mmdb
+curl -sLo GeoLite2-Country.mmdb https://git.io/GeoLite2-Country.mmdb
diff --git a/files/etc/nginx/geoipme.conf b/files/etc/nginx/geoipme.conf
@@ -1,26 +1,24 @@
- location ~ /(geoip|geoipme)/?(?<ip>.*) {
+location ~ /(geoip|geoipme)+/(?<ip>.*) {
     charset    utf-8;
     add_header Cache-Control  no-cache;
     set        $realip        $ip;
 
     if ($ip = '') {
-        set $realip $remote_addr;
+        set $realip $realip_remote_addr;
     }
 
-    include                      /etc/nginx/geolite2.conf;
-
     default_type                 application/json;
-    set $mybody                  '{"ip":"$realip","country_code":"$geoip2_country_code","region_code":"$geoip2_region","region_name":"$geoip2_region_name","city":"$geoip2_city","zip_code":"$geoip2_postal_code","latitude":"$geoip2_latitude","longitude":"$geoip2_longitude","metro_code":"$geoip2_dma_code"}';
+    set $mybody                  '{"ip":"$realip","country_code":"$geoip2_country_code","region_code":"$geoip2_region_code","region_name":"$geoip2_region","city":"$geoip2_city","zip_code":"$geoip2_postal_code","latitude":"$geoip2_latitude","longitude":"$geoip2_longitude","metro_code":"$geoip2_dma_code"}';
 
     if ($arg_format = "xml") {
         add_header Content-Type application/xml;
 
-        set $mybody              '<Response><IP>$realip</IP><CountryCode>$geoip2_country_code</CountryCode><CountryName>$geoip2_country_name</CountryName><RegionCode>$geoip2_region</RegionCode><RegionName>$geoip2_region_name</RegionName><City>$geoip2_city</City><ZipCode>$geoip2_postal_code</ZipCode><Latitude>$geoip2_latitude</Latitude><Longitude>$geoip2_longitude</Longitude><MetroCode>$geoip2_dma_code</MetroCode></Response>';
+        set $mybody              '<Response><IP>$realip</IP><CountryCode>$geoip2_country_code</CountryCode><CountryName>$geoip2_country</CountryName><RegionCode>$geoip2_region_code</RegionCode><RegionName>$geoip2_region</RegionName><City>$geoip2_city</City><ZipCode>$geoip2_postal_code</ZipCode><Latitude>$geoip2_latitude</Latitude><Longitude>$geoip2_longitude</Longitude><MetroCode>$geoip2_dma_code</MetroCode></Response>';
     }
 
     if ($arg_format = "csv") {
         add_header Content-Type text/csv;
-        set $mybody              '$realip,$geoip2_country_code,$geoip2_region,$geoip2_region_name,$geoip2_city,$geoip2_postal_code,$geoip2_latitude,$geoip2_longitude,$geoip2_dma_code';
+        set $mybody              '$realip,$geoip2_country_code,$geoip2_region_code,$geoip2_region,$geoip2_city,$geoip2_postal_code,$geoip2_latitude,$geoip2_longitude,$geoip2_dma_code';
     }
 
     if ($arg_callback) {
@@ -29,4 +27,4 @@
     }
 
     return 200 $mybody;
-}
+}
diff --git a/files/etc/nginx/geolite2.conf b/files/etc/nginx/geolite2.conf
@@ -1,34 +1,30 @@
-if ($realip = '') {
-    set $realip $remote_addr;
-}
-
-geoip2 /etc/nginx/GeoLite2-City.mmdb {
+geoip2 /etc/nginx/GeoLite2-Country.mmdb {
     auto_reload 60m;
 
     $geoip2_metadata_country_build metadata build_epoch;
-    $geoip2_data_country source=$realip country names en;
-    $geoip2_data_country_code source=$realip country iso_code;
+    $geoip2_data_country source=$realip_remote_addr country names en;
+    $geoip2_data_country_code source=$realip_remote_addr country iso_code;
 }
 
 geoip2 /etc/nginx/GeoLite2-City.mmdb {
-	auto_reload 60m;
+    auto_reload 60m;
 
-    $geoip2_continent_code source=$realip continent code;
-    $geoip2_country source=$realip country names en;
-    $geoip2_country_code source=$realip country iso_code;
-    $geoip2_region source=$realip subdivisions 0 names en;
-    $geoip2_region_code source=$realip subdivisions 0 iso_code;
-    $geoip2_city source=$realip city names en;
-    $geoip2_postal_code source=$realip postal code;
-    $geoip2_latitude source=$realip location latitude;
-    $geoip2_longitude source=$realip location longitude;
-    $geoip2_time_zone source=$realip location time_zone;
-    $geoip2_dma_code source=$realip location metro_code;
+    $geoip2_continent_code source=$realip_remote_addr continent code;
+    $geoip2_country source=$realip_remote_addr country names en;
+    $geoip2_country_code source=$realip_remote_addr country iso_code;
+    $geoip2_region source=$realip_remote_addr subdivisions 0 names en;
+    $geoip2_region_code source=$realip_remote_addr subdivisions 0 iso_code;
+    $geoip2_city source=$realip_remote_addr city names en;
+    $geoip2_postal_code source=$realip_remote_addr postal code;
+    $geoip2_latitude source=$realip_remote_addr location latitude;
+    $geoip2_longitude source=$realip_remote_addr location longitude;
+    $geoip2_time_zone source=$realip_remote_addr location time_zone;
+    $geoip2_dma_code source=$realip_remote_addr location metro_code;
 }
 
 geoip2 /etc/nginx/GeoLite2-ASN.mmdb {
     auto_reload 60m;
 
-    $geoip2_asn source=$realip autonomous_system_number;
-    $geoip2_organization source=$realip autonomous_system_organization;
+    $geoip2_asn source=$realip_remote_addr autonomous_system_number;
+    $geoip2_organization source=$realip_remote_addr autonomous_system_organization;
 }
diff --git a/files/etc/nginx/nginx.new b/files/etc/nginx/nginx.new
@@ -34,11 +34,11 @@ http {
     server_names_hash_bucket_size   512;
 
     # Log format
-    log_format  main                '$remote_addr - $remote_user [$time_local] "$request" '
+    log_format  main                '$realip_remote_addr - $remote_user [$time_local] "$request" '
                                     '$status $body_bytes_sent "$http_referer" '
                                     '"$http_user_agent" "$http_x_forwarded_for"';
     log_format  better              '-= ngx: $status $request_method $scheme://$host$request_uri $request_time '
-                                    '$remote_addr $body_bytes_sent "$http_referer" '
+                                    '$realip_remote_addr $body_bytes_sent "$http_referer" '
                                     '"$http_user_agent" "$http_x_forwarded_for"';
 
     access_log                      /var/log/nginx/access.log better;

diff --git a/files/etc/nginx/sites-enabled/proxy-hide-headers.common b/files/etc/nginx/sites-enabled/proxy-hide-headers.common
@@ -12,9 +12,13 @@ proxy_hide_header           "X-Amz-Replication-Status";
 proxy_hide_header           "X-Amz-Expiration";
 proxy_hide_header           "X-Amz-Version-Id";
 proxy_hide_header           "X-Amz-Cf-Id";
+proxy_hide_header           "X-Amz-Cf-Pop";
 proxy_hide_header           "Via";
 proxy_hide_header           "Access-Control-Allow-Origin";
 proxy_hide_header           "x-amz-meta-s3b-last-modified";
 proxy_hide_header           "Set-Cookie";
 proxy_hide_header           "CF-Cache-Status";
 proxy_hide_header           "cf-ray";
+proxy_hide_header           "Server";
+proxy_hide_header           "X-Powered-By";
+proxy_hide_header           "X-AspNet-Version";
diff --git a/files/etc/nginx/sites-enabled/server.conf b/files/etc/nginx/sites-enabled/server.conf
@@ -46,7 +46,7 @@ server {
 
 
 #    proxy_redirect                   off;
-    proxy_set_header                 X-Real-IP       $remote_addr;
+    proxy_set_header                 X-Real-IP       $realip_remote_addr;
     proxy_set_header                 X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header                 User-Agent      "$http_user_agent";