nginx多層反向代理獲取客戶端真實ip

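訪問路徑: 用戶 --> www.chinasoft.cn(nginx反向代理) --> www.chinasoft.com(nginx反向代理) --> python服務端程序
通過多層代理

第一層代理:

# cat /usr/local/nginx/conf/vhost.d/www.chinasoft.cn.conf
# Layer 1 (outermost proxy), plain HTTP: redirects to HTTPS.
server {
    listen 80;
    server_name www.chinasoft.cn chinasoft.cn;
    access_log /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;
    error_log /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;
    #root /data/www/vhosts/chinasoft.cn/httpdocs ;
    index index.html index.shtml index.php ;
    #include rewrite.d/chinasoft.cn.conf ;
    error_page 404 403             /404.html;
    # Redirect to HTTPS.
    # NOTE(review): a server-level rewrite is evaluated before a location is
    # selected and this pattern matches every URI, so the location blocks
    # below appear to be unused on port 80.
    rewrite ^/(.*)$ https://www.chinasoft.cn/$1 permanent;

    location /favicon.ico{
        proxy_pass https://www.chinasoft.com;
    }

    location ~ ^/(middle|app|files|static|back)/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        # NOTE(review): unlike the 443 server below, X-Forwarded-For is not
        # set here, so a value sent by the client would be passed upstream
        # unchanged.
        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;
        proxy_pass https://www.chinasoft.com;
    }

    location /cn {
        rewrite ^/cn/(.*) /$1 permanent;
    }

    # Original location, commented out:
    #location / {
    #    proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;
    #    proxy_pass https://www.chinasoft.com/cn/;
    #}

    # New configuration:
    location / {
        if (-d $request_filename){
            rewrite (.*) $1 break;
        }
        if (-f $request_filename.html){
            rewrite (.*) $1.html break;
        }
        # NOTE(review): no "location @404" is defined in the configuration shown.
        try_files $uri /index.html @404;
    }
}

# Layer 1 (outermost proxy), HTTPS: serves local templates and relays the
# listed prefixes to the second layer.
server {
    listen 443;
    server_name www.chinasoft.cn chinasoft.cn;
    # NOTE(review): the "ssl" directive is obsolete in current nginx releases;
    # "listen 443 ssl;" is the replacement.
    ssl on;
    ssl_certificate /usr/local/nginx/cert/geo-chinasoft.cn.crt;
    ssl_certificate_key /usr/local/nginx/cert/geo-chinasoft.cn.key;
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them
    # only if legacy clients require it.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # The cipher string was split by stray whitespace in two places on the
    # page ("ECDHE-RSA-AE S256-SHA", "EDH-RSA-DES-CBC3 -SHA"); it is rejoined
    # here. NOTE(review): 3DES suites (DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA)
    # are still enabled by this list.
    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    access_log /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;
    error_log /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;
    root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates/cn;
    index index.html index.shtml index.php ;
    #include rewrite.d/chinasoft.cn.conf ;
    error_page 404 403             /404.html;

    location /favicon.ico{
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass https://www.chinasoft.com;
    }

    location ~ ^/(middle|app|files|back)/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        # At the outermost layer $remote_addr is the address of the TCP peer.
        # Setting the header to it (rather than appending) replaces whatever
        # X-Forwarded-For value the client sent.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;
        # NOTE(review): proxy_ssl_verify is off by default and is not set
        # here, so the upstream certificate is not verified on this hop.
        proxy_pass https://www.chinasoft.com;
    }

    location /cn {
        rewrite ^/cn/(.*) /$1 permanent;
    }

    location /static {
        root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;
    }

    # Original location, commented out:
    #location / {
    #    proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;
    #    proxy_pass https://www.chinasoft.com/cn/;
    #}

    # New configuration:
    location / {
        if (-d $request_filename){
            rewrite (.*) $1 break;
        }
        if (-f $request_filename.html){
            rewrite (.*) $1.html break;
        }
        # NOTE(review): no "location @404" is defined in the configuration shown.
        try_files $uri /index.html @404;
    }
}

第二層代理:

[server02:~]# more /usr/local/nginx/conf/vhost.d/www.chinasoft.com.conf
# Layer 2, plain HTTP: redirects to HTTPS.
server {
    listen 80;
    server_name chinasoft.com www.chinasoft.com ;
    access_log /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;
    error_log /data/www/logs/nginx_log/error/www.chinasoft.com_error.log;
    root /data/www/vhosts/chinasoft/chinasoft_web/web;
    index index.html index.php ;
    include rewrite.d/chinasoft.com.conf ;
    error_page 404 403             /404.html;

    # NOTE(review): the upstream address and path differ from the 443 copy of
    # this location (1.1.1.1 and .../oss-callback here); presumably a redacted
    # or leftover value, confirm. The server-level rewrite below also matches
    # every URI, so this location appears to be unused on port 80.
    location ^~ /middle/file/test-oss-callback {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header HTTP_AUTHORIZATION $http_authorization;
        proxy_pass_header Server;
        proxy_redirect off;
        proxy_pass http://1.1.1.1:7980/middle/file/oss-callback;
    }

    # Redirect to HTTPS.
    rewrite ^/(.*)$ https://www.chinasoft.com/$1 permanent;
}

# Layer 2, HTTPS: receives the requests relayed by layer 1.
# NOTE(review): no set_real_ip_from / real_ip_header directive appears in this
# file, so unless the realip module is configured elsewhere, $remote_addr in
# this server is the address of the connecting peer (the layer-1 proxy for
# relayed requests), not of the end user.
server {
    listen 443;
    server_name www.chinasoft.com chinasoft.com;
    # NOTE(review): obsolete directive; "listen 443 ssl;" is the replacement.
    ssl on;
    ssl_certificate /usr/local/nginx/conf/cert2016/chinasoft_com.crt;
    ssl_certificate_key /usr/local/nginx/conf/cert2016/chinasoft_com.key;
    ssl_dhparam /usr/local/nginx/conf/cert2016/dh_2048.pem;
    ssl_session_timeout 5m;
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996).
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Same cipher list as layer 1, with the same two whitespace breaks from
    # the page rejoined; 3DES suites are still enabled by it.
    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
    ssl_prefer_server_ciphers on;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 5;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript;
    access_log /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;
    error_log /data/www/logs/nginx_log/error/www.chinasoft.com_error.log ;
    root /data/www/vhosts/chinasoft/chinasoft_web/web;
    index index.html index.php ;
    include rewrite.d/chinasoft.com.conf ;
    error_page 404 @error404;

    location /cn {
        include  rewrite.d/chinasoft.cn.conf ;
    }

    # Language-specific 404 page when the URI starts with a known language
    # prefix, the generic one otherwise.
    location @error404 {
        rewrite ^/(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|cn) /$1/404.html last;
        rewrite ^ /404.html last;
    }

    # Add the trailing slash to a bare language directory.
    location ~ /(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|vn|tr|th|ro|zh-tw|cn)$ {
        rewrite ^/(.*)$ /$1/ permanent;
    }

    location ^~ /middle/file/test-oss-callback {
        # $proxy_add_x_forwarded_for appends $remote_addr to the
        # X-Forwarded-For value the request already carried; entries to the
        # left of the appended one are only as trustworthy as the sender.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header HTTP_AUTHORIZATION $http_authorization;
        proxy_pass_header Server;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:7980/middle/file/test-oss-callback;
    }

    location ~ ^/(middle|app)/ {
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header REMOTE-HOST $remote_addr;
        #proxy_set_header HTTP_AUTHORIZATION $http_authorization;
        #proxy_pass_header Server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        # NOTE(review): this overwrites the X-Forwarded-For value written by
        # layer 1 with this layer's $remote_addr, which drops the client
        # address for relayed requests and contradicts step 2 of the summary
        # below. No proxy_pass is visible in this location; presumably it
        # comes from the included proxy_params, confirm.
        proxy_set_header X-Forwarded-For $remote_addr;
        expires 1d;
        include proxy_params;
        # $flag becomes "21" only when the request maps to neither a
        # directory nor a file; such requests are handed to index.php.
        if (!-d $request_filename){
            set $flag 1$flag;
        }
        if (!-f $request_filename){
            set $flag 2$flag;
        }
        if ($flag = "21"){
            rewrite ^(.*)$ /index.php last;
        }
    }

    location ~ \.php$ {
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_index index.php;
        fastcgi_read_timeout 600;
        # NOTE(review): nothing here checks that the requested script exists
        # under the document root before it is passed to PHP-FPM;
        # "try_files $uri =404;" is the usual guard.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        expires -1;
    }

    location /static {
        root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;
    }

    location / {
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header REMOTE-HOST $remote_addr;
        #proxy_set_header HTTP_AUTHORIZATION $http_authorization;
        #proxy_pass_header Server;
        # NOTE(review): no proxy_pass is visible in this location, so the
        # three proxy_set_header lines below appear to have no effect.
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        expires -10d;
        add_header Cache-Control no-cache;
        root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates;
        index index.html;
        if (-d $request_filename){
            rewrite (.*) $1 break;
        }
        if (!-f $request_filename){
            rewrite (.*) $1.html break;
        }
        try_files $uri /index.html @error404;
    }
}

nginx多層代理獲取客戶端的真實ip總結:

1、編譯Nginx時,添加http_realip_module模塊

2、在nginx.conf文件中 proxy_pass  xxxxxx添加下面三行

proxy_set_header   Host             $host;
proxy_set_header   X-Real-IP        $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

3、在每一層nginx日誌中的打印的"$http_x_forwarded_for"就是真實客戶端的ip地址。

4、後臺服務器獲取真實的客戶端ip地址: headers中的X-Forwarded-For選項中逗號前第一個ip就是真實客戶端ip

注意: X-Forwarded-For 是請求頭,客戶端可以自行填寫;$proxy_add_x_forwarded_for 只是把 $remote_addr 追加到客戶端送來的值之後,所以逗號前第一個ip可能是僞造的,只有自己控制的代理所追加的部分才可信。用於限流、訪問控制或審計時,應在最外層代理用 $remote_addr 覆蓋該頭(如上面第一層 443 的配置),內層再配合 realip 模塊的 set_real_ip_from(只填上一層代理的地址)、real_ip_header、real_ip_recursive 還原客戶端地址;上面的配置只編譯了該模塊,並未出現這些指令。

日誌中獲取真實ip: $http_x_forwarded_for 就是獲取真實ip的變量

# The format string was broken across two lines on the page; it is rejoined here.
log_format main '$remote_addr $http_x_forwarded_for - - [$time_local] - - "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time ';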

# more /usr/local/nginx/conf/rewrite.d/chinsoft.com.conf
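# Redirect /<path>/index.html and /<path>/indice.html to /<path>.
# The test runs against $request_uri, i.e. the URI as the client sent it.
# The dot before "html" is escaped so that only a literal "." matches; the
# unescaped form accepted any character in that position.
if ($request_uri ~ ^/(.*)/(index|indice)\.(html)) {
    rewrite ^/(.*)/(index|indice)\.(html) /$1 permanent;
}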
