$realip_remote_port

Description

The $realip_remote_port variable is used in the context of reverse proxying and indicates the original port number used by the client connecting to the server. It is particularly valuable when NGINX is operating behind a load balancer or a proxy and the actual client connection details are necessary for logging or other processing. This variable becomes available when using the real_ip module, which allows NGINX to correctly identify the client IP and port when requests are forwarded from another server, such as a web application firewall or a load balancer. This variable will typically contain numeric values representing the port number, such as 443 for HTTPS or 80 for HTTP, depending on how the client initially connected. If the `real_ip_header` directive is correctly set up in the NGINX configuration to capture the incoming requests' headers (like X-Forwarded-For), the $realip_remote_port variable will accurately reflect the port the client used, assuming the configuration is correct and the headers are present. Failure to set this correctly can lead to incorrect logging and misidentification of client connections. In essence, the $realip_remote_port variable enhances security and monitoring capabilities by ensuring that applications can reference the actual connection details of clients when processed through various intermediary servers.

Config Example

http {
    set_real_ip_from 192.168.1.1;  # Example trusted proxy
    real_ip_header X-Forwarded-For;
}

server {
    location / {
        access_log /var/log/nginx/access.log combined;
    }
}

# In the combined log format, you can include the realip remote port
log_format combined '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $realip_remote_port';