Getting the client's real IP through multiple layers of nginx reverse proxies
Published: 2019-06-22


Request path: user --> www.chinasoft.cn (nginx reverse proxy) --> www.chinasoft.com (nginx reverse proxy) --> Python backend service

The request passes through multiple proxy layers.

First-layer proxy:

# cat /usr/local/nginx/conf/vhost.d/www.chinasoft.cn.conf
server {
    listen 80;
    server_name     www.chinasoft.cn chinasoft.cn;
    access_log      /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;
    error_log       /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;
    #root            /data/www/vhosts/chinasoft.cn/httpdocs ;
    index           index.html index.shtml index.php ;
    #include        rewrite.d/chinasoft.cn.conf ;
    error_page  404 403             /404.html;

    rewrite ^/(.*)$ https://www.chinasoft.cn/$1 permanent;    # redirect to HTTPS

    location /favicon.ico{
        proxy_pass https://www.chinasoft.com;
    }
    location ~ ^/(middle|app|files|static|back)/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;
        proxy_pass https://www.chinasoft.com;
    }
    location /cn {
        rewrite ^/cn/(.*) /$1 permanent;
    }
    # original location, commented out
    #location / {
    #    proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;
    #    proxy_pass https://www.chinasoft.com/cn/;
    #}
    # new configuration, enabled
    location / {
        if (-d $request_filename){
            rewrite (.*) $1 break;
        }
        if (-f $request_filename.html){
            rewrite (.*) $1.html break;
        }
        try_files $uri /index.html @404;
    }
}

server {
    listen 443;
    server_name      www.chinasoft.cn chinasoft.cn;

    ssl                     on;
    ssl_certificate         /usr/local/nginx/cert/geo-chinasoft.cn.crt;
    ssl_certificate_key     /usr/local/nginx/cert/geo-chinasoft.cn.key;
    ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;

    access_log      /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;
    error_log       /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;
    root            /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates/cn;
    index           index.html index.shtml index.php ;
    #include         rewrite.d/chinasoft.cn.conf ;
    error_page  404 403             /404.html;

    location /favicon.ico{
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass https://www.chinasoft.com;
    }
    location ~ ^/(middle|app|files|back)/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;
        proxy_pass https://www.chinasoft.com;
    }
    location /cn {
        rewrite ^/cn/(.*) /$1 permanent;
    }
    location /static {
        root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;
    }
    # original location, commented out
    #location / {
    #    proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;
    #    proxy_pass https://www.chinasoft.com/cn/;
    #}
    # new configuration, enabled
    location / {
        if (-d $request_filename){
            rewrite (.*) $1 break;
        }
        if (-f $request_filename.html){
            rewrite (.*) $1.html break;
        }
        try_files $uri /index.html @404;
    }
}

Second-layer proxy:

[server02:~]# more /usr/local/nginx/conf/vhost.d/www.chinasoft.com.conf
server {
    listen 80;
    server_name     chinasoft.com www.chinasoft.com ;
    access_log      /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;
    error_log       /data/www/logs/nginx_log/error/www.chinasoft.com_error.log;
    root            /data/www/vhosts/chinasoft/chinasoft_web/web;
    index           index.html index.php ;
    include         rewrite.d/chinasoft.com.conf ;
    error_page  404 403             /404.html;

    location ^~ /middle/file/test-oss-callback {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header HTTP_AUTHORIZATION $http_authorization;
        proxy_pass_header Server;
        proxy_redirect off;
        proxy_pass http://1.1.1.1:7980/middle/file/oss-callback;
    }

    rewrite ^/(.*)$ https://www.chinasoft.com/$1 permanent;    # redirect to HTTPS
}

server {
    listen 443;
    server_name     www.chinasoft.com chinasoft.com;

    ssl                     on;
    ssl_certificate         /usr/local/nginx/conf/cert2016/chinasoft_com.crt;
    ssl_certificate_key     /usr/local/nginx/conf/cert2016/chinasoft_com.key;
    ssl_dhparam             /usr/local/nginx/conf/cert2016/dh_2048.pem;
    ssl_session_timeout     5m;
    ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
    ssl_prefer_server_ciphers       on;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 5;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript;

    access_log      /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;
    error_log       /data/www/logs/nginx_log/error/www.chinasoft.com_error.log ;
    root            /data/www/vhosts/chinasoft/chinasoft_web/web;
    index           index.html index.php ;
    include         rewrite.d/chinasoft.com.conf ;
    error_page 404  @error404;

    location /cn { include  rewrite.d/chinasoft.cn.conf ; }
    location @error404 {
        rewrite ^/(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|cn) /$1/404.html last;
        rewrite ^ /404.html last;
    }
    location ~ /(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|vn|tr|th|ro|zh-tw|cn)$ {
        rewrite ^/(.*)$ /$1/ permanent;
    }
    location ^~ /middle/file/test-oss-callback {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header HTTP_AUTHORIZATION $http_authorization;
        proxy_pass_header Server;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:7980/middle/file/test-oss-callback;
    }
    location ~ ^/(middle|app)/ {
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header REMOTE-HOST $remote_addr;
        #proxy_set_header HTTP_AUTHORIZATION $http_authorization;
        #proxy_pass_header Server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        expires 1d;
        include proxy_params;
        if (!-d $request_filename){
            set $flag 1$flag;
        }
        if (!-f $request_filename){
            set $flag 2$flag;
        }
        if ($flag = "21"){
            rewrite ^(.*)$ /index.php last;
        }
    }
    location ~ \.php$ {
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_pass   unix:/tmp/php-cgi.sock;
        fastcgi_index  index.php;
        fastcgi_read_timeout 600;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
        expires -1;
    }
    location /static {
        root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;
    }
    location / {
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header REMOTE-HOST $remote_addr;
        #proxy_set_header HTTP_AUTHORIZATION $http_authorization;
        #proxy_pass_header Server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        expires -10d;
        add_header Cache-Control no-cache;
        root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates;
        index index.html;
        if (-d $request_filename){
            rewrite (.*) $1 break;
        }
        if (!-f $request_filename){
            rewrite (.*) $1.html break;
        }
        try_files $uri /index.html @error404;
    }
}

Summary: getting the client's real IP through multiple nginx proxy layers

1. When compiling nginx, add the http_realip_module module.

2. In nginx.conf, add the following three lines alongside proxy_pass xxxxxx:

proxy_set_header   Host             $host;
proxy_set_header   X-Real-IP        $remote_addr;
proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

3. The "$http_x_forwarded_for" value printed in each layer's nginx log is the real client IP address.

4. Getting the real client IP on the backend server: in the X-Forwarded-For header, the first IP before the comma is the real client IP.

Getting the real IP in the logs: $http_x_forwarded_for is the variable that holds the real IP.

log_format main  '$remote_addr $http_x_forwarded_for - - [$time_local] - - "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time ';

# more /usr/local/nginx/conf/rewrite.d/chinsoft.com.conf

if ($request_uri ~ ^/(.*)/(index|indice).(html)) { rewrite ^/(.*)/(index|indice).(html) /$1 permanent;}
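
An added example (not part of the original post) for step 4 of the summary: with $proxy_add_x_forwarded_for every layer appends to whatever X-Forwarded-For value arrived, so the leftmost entry is only as reliable as what the client sent. The sketch builds the header across both layers and resolves the client address by walking it right to left past known proxies, the rule real_ip_recursive in http_realip_module applies; the proxy networks and all addresses are constructed assumptions.

```python
import ipaddress

# Assumed proxy networks (constructed, documentation ranges); not from the page.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]


def proxy_add_xff(incoming, remote_addr):
    """What nginx's $proxy_add_x_forwarded_for produces at one hop."""
    return f"{incoming}, {remote_addr}" if incoming else remote_addr


def is_trusted(value):
    """True/False for a parsable IP, None if the value is not an IP at all."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return None
    return any(addr in net for net in TRUSTED_PROXIES)


def leftmost_ip(xff):
    """Step 4 of the summary: first address before the comma."""
    return xff.split(",")[0].strip()


def client_ip(peer, xff):
    """Walk the chain right to left and return the first hop that is not one
    of our proxies; everything further left was reported by that hop."""
    if not is_trusted(peer):
        return peer                  # direct or malformed peer: ignore the header
    candidate = peer
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        trusted = is_trusted(hop)
        if trusted is None:
            return candidate         # malformed entry: stop at the last good hop
        if not trusted:
            return hop
        candidate = hop
    return candidate


# Constructed request: the client supplies its own X-Forwarded-For value.
CLIENT, PROXY1, PROXY2 = "203.0.113.7", "192.0.2.10", "192.0.2.20"
at_proxy2 = proxy_add_xff("10.9.8.7", CLIENT)    # header leaving layer 1
at_backend = proxy_add_xff(at_proxy2, PROXY1)    # header leaving layer 2

if __name__ == "__main__":
    print(at_backend, "|", leftmost_ip(at_backend), "|", client_ip(PROXY2, at_backend))
```

When the outermost layer overwrites the header with $remote_addr, as the 443 server of the first-layer config above does, the leftmost entry and the right-to-left walk agree.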

 

Reposted from: https://www.cnblogs.com/reblue520/p/11065629.html
