AWS EC2中的双nginxes给我一个IP别的

Question

背景
我有带有弹性IP的AWS EC2。我的EC2有host-nginx，以便在不触及ssl

的情况下处理docker containers证书

在docker environment nginx, django, ...etc我nginx-container media/static_files投放nginx。

我知道header可以自定义http。因此，我在其名称前加上前缀host-nginx。

我的http_realip_module已遵守nginx -V。这是# nginx -V nginx version: nginx/1.10.3 built with OpenSSL 1.1.0f 25 May 2017 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-2tpxfc/nginx-1.10.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/ngx_http_substitutions_filter_module

的输出

#
# UAT let everything serve through 8000. Development server
#
upstream app {
    server localhost:8000;
}

server {
    listen 80;
    server_name poink-dev.mycompany.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name poink-dev.mycompany.com;
    client_max_body_size 20M;
    add_header Strict-Transport-Security "max-age=31536000";
    ssl_certificate /home/admin/chained.crt;
    ssl_certificate_key /home/admin/wildcard.mycompany.com.key;
    real_ip_header      X-Forwarded-For;

    location / {
            proxy_pass_request_headers on;
            proxy_set_header           Host $host;
            proxy_pass                 http://app;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
    }

}

主机nginx.conf：

upstream app {
    server backend:8000;
}

server {
    listen       8000;
    server_name  localhost;
    client_max_body_size 20M;
    access_log  /var/log/nginx/host.access.log  main;

    location / {
        proxy_pass_request_headers on;
        proxy_set_header           Host $host;
        proxy_pass                 http://app;
        proxy_set_header XX-Real-IP $http_x_real_ip;
        proxy_set_header XX-Forwarded-For $http_x_forwarded_for;
    }

    location /static {
        autoindex on;
        alias /var/www/static/;
    }

    location /media {
        autoindex on;
        alias /var/www/media/;
    }
}

contianer-nginx.conf：

def is_facebook_ip(client_address: str):
    """
    This one is faster than lookup on my own database
    """
    obj = IPWhois(client_address)
    results = obj.lookup_whois()
    asn_description = results.get('asn_description')
    return 'facebook' in asn_description.lower()

permission.py ：

@api_view(['GET', 'POST'])
@permission_classes(())
def read_header(request):
    remote_addr = request.META.get('REMOTE_ADDR')
    http_x_real_ip = request.META.get('HTTP_X_REAL_IP')
    http_xx_real_ip = request.META.get('HTTP_XX_REAL_IP')
    http_x_forwarded_for = request.META.get('X_FORWARDED_FOR')
    http_xx_forwarded_for = request.META.get('XX_FORWARDED_FOR')

    data = {
        'remote_addr': remote_addr,
        'http_x_real_ip': http_x_real_ip,
        'http_xx_real_ip': http_xx_real_ip,
        'http_x_forwarded_for': http_x_forwarded_for,
        'http_xx_forwarded_for': http_xx_forwarded_for,
    }
    return Response(data=data, status=status.HTTP_200_OK)

views.py ：

http_x_real_ip = request.META.get('HTTP_X_REAL_IP')

问题：

61.xxx.xxx.xxx

将我公司的ISP网关IP地址返回给我。我不确定我的代码是否能正确获取Facebook IP地址。由于我的程序显示来自另一个myIP网站的不同IP

我的网站上的答案：183.yyy.yyy.yyy
其他人的答案：Warning: require_once(C:\xampp\htdocs\phonoblog\system\core): failed to open stream: Permission denied in C:\xampp\htdocs\phonoblog\system\core\CodeIgniter.php on line 80 Fatal error: require_once(): Failed opening required 'C:\xampp\htdocs\phonoblog\system\core/' (include_path='C:\xampp\php\PEAR') in C:\xampp\htdocs\phonoblog\system\core\CodeIgniter.php on line 80

我哪里错了？