nginx remote_port为空

nginx remote_port为空

现象

由于网安要求记录用户请求来源端口到日志中,因此为了实现这个需求在log_format中增加了”ngx_remote_port: $remote_port”字段(如下), 但实际日志系统中收录到的日志ngx_remote_port:""为空

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
log_format json '{ "time": "$time_iso8601", '
'"ngx_true_client_ip": "$http_true_client_ip", '
'"ngx_x_real_ip": "$http_x_real_ip", '
'"ngx_cdn_src_ip": "$http_cdn_src_ip", '
'"ngx_geo_location_ip": "$client_ip", '
'"ngx_remote_addr": "$remote_addr", '
'"ngx_remote_port": "$remote_port", '
'"ngx_x_user_site_proxy": "$http_x_user_site_proxy", '
'"ngx_x_forwarded_for": "$http_x_forwarded_for", '
'"ngx_host": "$host", '
'"ngx_http_user_agent": "$http_user_agent", '
'"ngx_body_bytes_sent": "$body_bytes_sent", '
'"ngx_request_time": "$request_time", '
'"ngx_upstream_response_time": "$upstream_response_time", '
'"ngx_upstream_connect_time": "$upstream_connect_time", '
'"ngx_upstream_header_time:": "$upstream_header_time", '
'"ngx_upstream_addr": "$upstream_addr", '
'"ngx_upstream_content_length": "$sent_http_content_length", '
'"ngx_status_code": "$status", '
'"ngx_scheme": "$scheme", '
'"ngx_request_method": "$request_method", '
'"ngx_request_uri": "$request_uri", '
'"ngx_request": "$request", '
'"ngx_http_referrer": "$http_referer" }';

解决

由于$remote_port这个变量是nginx核心模块提供的,因此猜测是由第三方模块再次操作导致为空,经过测试发现通过proxy进来的请求remote_port为空,
而直接访问本地nginx的请求都能够正确获取port信息,对于以上2中情况的对比
怀疑是由于经过proxy之类的组建request header中有x-forworder-for的头,从而触发了realip 模块(这个怀疑没有具体验证),解决方案就是使用realip模块提供的变量’realip_remote_port’来记录来源port, 修改log_format

1
2
3
4
5
6
7
log_format json '{ "time": "$time_iso8601", '
'"ngx_true_client_ip": "$http_true_client_ip", '
'"ngx_x_real_ip": "$http_x_real_ip", '
'"ngx_cdn_src_ip": "$http_cdn_src_ip", '
'"ngx_geo_location_ip": "$client_ip", '
'"ngx_remote_addr": "$remote_addr", '
'"ngx_remote_port": "$remote_port", '