Wrong IP-Address with nginx + Unicorn + rails

Question

I check the ip-address in the controller with

request.env['REMOTE_ADDR']

this works fine in my test environment. But on the production server with nginx + unicorn I always get 127.0.0.1.

This is my nginx config for the site:

  upstream unicorn {
  server unix:/tmp/unicorn.urlshorter.sock fail_timeout=0;
}

server {
  listen 80 default deferred;
  # server_name example.com;
  root /home/deployer/apps/urlshorter/current/public;

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  try_files $uri/index.html $uri @unicorn;
  location @unicorn {
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://unicorn;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 4G;
  keepalive_timeout 10;
}

Answer 1

I had trouble with this too; I found this question, but the other answer didn't help me.

I looked at Rails 3.2.8's implementation of Rack::Request#ip to see how it decided what to say; to get it to use an address passed via the environment without filtering out addresses from my local network (it's trying to filter out intermediate proxies, but that's not what I wanted), I had to set the HTTP_CLIENT_IP from my nginx proxy configuration block in addition to what you've got above (X-Forwarded-For has to be there too for this to work!):

proxy_set_header CLIENT_IP $remote_addr;

Answer 2

If you use request.remote_addr you'll get the of your Nginx proxy.

To get the real IP address of your user, you can use request.remote_ip.

According to Rails' source code, it checks for various http headers to give you the most relevant one : in Rails 3.2 or Rails 4.0.0.beta1

Answer 3

The answer is in your config file :) The following should do what you want:

real_ip = request.headers["X-Real-IP"]

more here: http://api.rubyonrails.org/classes/ActionDispatch/Request.html#method-i-headers

UPDATE: The proper answer is here in another Q:

https://stackoverflow.com/a/4465588

or in this thread:

https://stackoverflow.com/a/15883610

spoiler:

use request.remote_ip

Answer 4

For ELB - nginx - rails you want to follow this guide:

http://engineering.blopboard.com/resolving-real-client-ip-with-amazon-elb-nginx-and-php-fpm

See:

server {
   listen 443 ssl spdy proxy_protocol;

   set_real_ip_from 10.0.0.0/8;
   real_ip_header proxy_protocol;

  location /xxx {
    proxy_http_version 1.1;
    proxy_pass <api-endpoint>;
    proxy_set_header      Host              $http_host;
    proxy_set_header      X-Forwarded-By    $server_addr:$server_port;
    proxy_set_header      X-Forwarded-For   $remote_addr;
    proxy_set_header      X-Forwarded-Proto $scheme;
    proxy_set_header      X-Real-IP         $remote_addr;
    proxy_set_header      CLIENT_IP         $remote_addr;
    proxy_pass_request_headers on;
  }
  ...

Answer 5

The proxy_set_header CLIENT_IP $remote_addr; didn't work for me. Here's what did..

The solution I found after reviewing the actiondispatch code remote_ip.rb source. Now I get proper IP in my devise/warden processes as well as any other routine I'm looking at request.remote_ip

My config... Ruby 2.2.1 - Rails 4.2.1 - NGINX v1.8.0 - Unicorn v4.9.0 - Devise v3.4.1

nginx.conf

HTTP_CLIENT_IP vs CLIENT_IP

location @unicorn {
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header HTTP_CLIENT_IP $remote_addr;  <-----
  proxy_redirect off;
  proxy_pass http://unicorn;
}

Source actionpack-4.2.1/lib/action_dispatch/middleware/remote_ip.rb

Line 114:

client_ips    = ips_from('HTTP_CLIENT_IP').reverse

Line 126:

"HTTP_CLIENT_IP=#{@env['HTTP_CLIENT_IP'].inspect} " +