nginx多层反向代理获取客户端真实ip
访问路径:
用户 --> www.chinasoft.cn(nginx反向代理) --> www.chinasoft.com(nginx反向代理) --> python服务端程序 经过多层代理 第一层代理:
# cat /usr/local/nginx/conf/vhost.d/www.chinasoft.cn.conf
server {
listen ;
server_name www.chinasoft.cn chinasoft.cn;
access_log /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;
error_log /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;
#root /data/www/vhosts/chinasoft.cn/httpdocs ;
index index.html index.shtml index.php ;
#include rewrite.d/chinasoft.cn.conf ;
error_page /.html; rewrite ^/(.*)$ https://www.chinasoft.cn/$1 permanent; #跳转到Https location /favicon.ico{
proxy_pass https://www.chinasoft.com;
} location ~ ^/(middle|app|files|static|back)/ {
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;
proxy_pass https://www.chinasoft.com;
} location /cn {
rewrite ^/cn/(.*) /$ permanent;
} #注释原来的location
#location / {
# proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;
# proxy_pass https://www.chinasoft.com/cn/;
#} #开启新的配置
location / {
if (-d $request_filename){
rewrite (.*) $ break;
}
if (-f $request_filename.html){
rewrite (.*) $.html break;
}
try_files $uri /index.html @;
} } server {
listen ;
server_name www.chinasoft.cn chinasoft.cn; ssl on;
ssl_certificate /usr/local/nginx/cert/geo-chinasoft.cn.crt;
ssl_certificate_key /usr/local/nginx/cert/geo-chinasoft.cn.key; ssl_protocols TLSv1 TLSv1. TLSv1.; ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE
S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3
-SHA:!KRB5-DES-CBC3-SHA";
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m; access_log /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;
error_log /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;
root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates/cn;
index index.html index.shtml index.php ;
#include rewrite.d/chinasoft.cn.conf ;
error_page /.html; location /favicon.ico{
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass https://www.chinasoft.com;
} location ~ ^/(middle|app|files|back)/ {
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;
proxy_pass https://www.chinasoft.com;
} location /cn {
rewrite ^/cn/(.*) /$ permanent;
} location /static {
root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;
} #注释原来的location
#location / {
# proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;
# proxy_pass https://www.chinasoft.com/cn/;
#} #开启新的配置
location / {
if (-d $request_filename){
rewrite (.*) $ break;
}
if (-f $request_filename.html){
rewrite (.*) $.html break;
}
try_files $uri /index.html @;
} } 第二层代理:
[server02:~]# more /usr/local/nginx/conf/vhost.d/www.chinasoft.com.conf
server {
listen ;
server_name chinasoft.com www.chinasoft.com ;
access_log /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;
error_log /data/www/logs/nginx_log/error/www.chinasoft.com_error.log;
root /data/www/vhosts/chinasoft/chinasoft_web/web;
index index.html index.php ;
include rewrite.d/chinasoft.com.conf ;
error_page /.html; location ^~ /middle/file/test-oss-callback {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header HTTP_AUTHORIZATION $http_authorization;
proxy_pass_header Server;
proxy_redirect off;
proxy_pass http://1.1.1.1:7980/middle/file/oss-callback;
} rewrite ^/(.*)$ https://www.chinasoft.com/$1 permanent; #跳转到Https } server {
listen ;
server_name www.chinasoft.com chinasoft.com; ssl on;
ssl_certificate /usr/local/nginx/conf/cert2016/chinasoft_com.crt;
ssl_certificate_key /usr/local/nginx/conf/cert2016/chinasoft_com.key;
ssl_dhparam /usr/local/nginx/conf/cert2016/dh_2048.pem; ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1. TLSv1.; ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE
S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3
-SHA:!KRB5-DES-CBC3-SHA";
ssl_prefer_server_ciphers on; gzip on;
gzip_min_length 1k;
gzip_buffers 16k;
gzip_comp_level ;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript; access_log /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;
error_log /data/www/logs/nginx_log/error/www.chinasoft.com_error.log ;
root /data/www/vhosts/chinasoft/chinasoft_web/web;
index index.html index.php ; include rewrite.d/chinasoft.com.conf ;
error_page @error404;
location /cn { include rewrite.d/chinasoft.cn.conf ; } location @error404 {
rewrite ^/(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|cn) /$/.html last;
rewrite ^ /.html last;
}
location ~ /(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|vn|tr|th|ro|zh-tw|cn)$ {
rewrite ^/(.*)$ /$/ permanent;
} location ^~ /middle/file/test-oss-callback {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header HTTP_AUTHORIZATION $http_authorization;
proxy_pass_header Server;
proxy_redirect off;
proxy_pass http://127.0.0.1:7980/middle/file/test-oss-callback;
} location ~ ^/(middle|app)/ {
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header REMOTE-HOST $remote_addr;
#proxy_set_header HTTP_AUTHORIZATION $http_authorization;
#proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
expires 1d;
include proxy_params;
if (!-d $request_filename){
set $flag $flag;
}
if (!-f $request_filename){
set $flag $flag;
}
if ($flag = ""){
rewrite ^(.*)$ /index.php last;
}
} location ~ \.php$ {
#fastcgi_pass 127.0.0.1:;
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
fastcgi_read_timeout ;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
expires -;
}
location /static {
root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;
}
location / {
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header REMOTE-HOST $remote_addr;
#proxy_set_header HTTP_AUTHORIZATION $http_authorization;
#proxy_pass_header Server; proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr; expires -10d;
add_header Cache-Control no-cache;
root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates;
index index.html;
if (-d $request_filename){
rewrite (.*) $ break;
}
if (!-f $request_filename){
rewrite (.*) $.html break;
}
try_files $uri /index.html @error404;
} } nginx多层代理获取客户端的真实ip总结: 、编译Nginx时,添加http_realip_module模块 、在nginx.conf文件中 proxy_pass xxxxxx添加下面三行
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 、在每一层nginx日志中的打印的"$http_x_forwarded_for"就是真实客户端的ip地址。
、后台服务器获取真实的客户端ip地址: headers中的X-Forwarded-For选项中逗号前第一个ip就是真实客户端ip 日志中获取真实ip: $http_x_forwarded_for 就是获取真实ip的变量 log_format main '$remote_addr $http_x_forwarded_for - - [$time_local] - - "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time ';
# more /usr/local/nginx/conf/rewrite.d/chinsoft.com.conf
if ($request_uri ~ ^/(.*)/(index|indice).(html)) { rewrite ^/(.*)/(index|indice).(html) /$1 permanent;}
nginx多层反向代理获取客户端真实ip的更多相关文章
- nginx 多级反向代理获取客户端真实IP
set_real_ip_from ; set_real_ip_from ; set_real_ip_from ; set_real_ip_from ; set_real_ip_from 127.0.0 ...
- 关于nginx多层uptstream转发获取客户端真实IP的问题
因为公司有个需求需要获取客户端的真实IP,前端是haproxy,后面是nginx,本来这个需求不难完成,但是难就难在是https请求也就是ssl 由于个人水平有限,在网上爬了很多资料,刚开始的ha是通 ...
- nginx反向代理获取用户真实ip
nginx做反向代理时,默认的配置后端获取到的ip都是来自于nginx,如何转发用户的真实ip到后端程序呢?如是是java后端,用request.getRemoteAddr();获取到的是nginx的 ...
- 关于.net core使用nginx做反向代理获取客户端ip的问题
1.正常情况下.net core获取客户端ip是比较简单的 /// <summary> /// 获取客户Ip /// </summary> /// <param name ...
- 如何取得nginx做反向代理时的真实IP?
1. 编译 对于client -> nginx reverse proxy -> apache, 要想在程序中取得真实的IP,在执行nginx的configure时,必须指定参数" ...
- Nginx反向代理后应用程序获取客户端真实IP
Nginx反向代理后,Servlet应用通过request.getRemoteAddr()取到的IP是Nginx的IP地址,并非客户端真实IP,通过request.getRequestURL()获取的 ...
- nginx 代理模式下,获取客户端真实IP
最近做博友推荐,发现个小问题,用$_SERVER['REMOTE_ADDR'];得到的都是服务器的地址192.168.96.52,搜索了一下,发现问题,改为$_SERVER['HTTP_X_REAL_ ...
- 多层代理获取用户真实IP
1. 几个概念remote_addr:如果中间没有代理,这个就是客户端的真实IP,如果有代理,这就是上层代理的IP.X-Forwarded-For:一个HTTP扩展头,格式为 X-Forwarded- ...
- 获取客户端真实IP地址
Java-Web获取客户端真实IP: 发生的场景:服务器端接收客户端请求的时候,一般需要进行签名验证,客户端IP限定等情况,在进行客户端IP限定的时候,需要首先获取该真实的IP. 一般分为两种情况: ...
随机推荐
- 3.XPath
使用XPath可以在不遍历xml文档的情况下选择具体节点. 转自https://www.cnblogs.com/vaevvaev/p/6928201.html XPath可以快速定位到Xml中的节点或 ...
- Oracle数据库使用游标查询结果集所有数据
--Oracle使用游标查询结果集所有数据 DECLARE myTabelName NVARCHAR2():=''; --表名 myTableRowComment NVARCHAR2():=''; - ...
- HDU6072 Logical Chain
题意:动态修改图 \(G\) 的边集,求每次修改后的 \(\sum c\times (c−1) / 2\) (记每个强连通分量中的点数量为 \(c\) ).其中修改操作共 \(m\) 次,每次最多改 ...
- mysql5.7的手动安装
1.安装必要的组件 | yum install –y autoconf automake imake libxml2-devel expat-devel cmake gcc gcc-c++ li ...
- C# 函数参数中的this
先看下面的代码: public static class StringExtension { public static void Foo(this string s) { Console.Write ...
- I9300 国行联通定制修复手记
同事拿来个I9300给我修,说是打不了电话,试了一下,打电话的时候会提示“网络未注册”,于是果断找了个国行的4.1.2五件套刷砖.5分钟后,刷机成功,开机拨号,依旧是这个问题,怎么回事呢?上百度一查, ...
- pandas数据保存至Mysql数据库
pandas数据保存至Mysql数据库 import pandas as pd from sqlalchemy import create_engine host = '127.0.0.1' port ...
- 2440sd初始化(存储器控制器寄存器的设置)
#define mem_contrl 0x48000000 //13个寄存器的基地址(看做一个内存块)init_sdram: ldr r0, =mem_contrl / ...
- 《挑战30天C++入门极限》入门教程:C++中的const限定修饰符
入门教程:C++中的const限定修饰符 const修饰符可以把对象转变成常数对象,什么意思呢? 意思就是说利用const进行修饰的变量的值在程序的任意位置将不能再被修改,就如同常数一样使用! ...
- 小程序中嵌套的h5页面设置分享转发
场景描述:当在小程序中打开h5页面时,希望小程序的转发出去的标题,图片,跳转link可以通过h5通信实现自定义. 实现方式:通过h5给小程序通信,发送标题,图片,跳转link等信息,让小程序设置分享. ...