X-Forwarded-For和X-Real-ip的区别
环境配置:
三台代理(lb01:10.0.0.7、lb02:10.0.0.8、lb03:10.0.0.9)
一台web应用服务器(web:10.0.0.5)
1.配置官方Nginx源并安装(4台都操作)
[root@lb01 ~]# vim /etc/yum.repos.d/Nginx.repo
[root@lb01 ~]# yum install Nginx -y
[root@lb01 ~]# Nginx -v
Nginx version: Nginx/1.16.0
2.启动Nginx服务加入开机自启(4台都操作)
[root@lb01 ~]# systemctl start Nginx
[root@lb01 ~]# systemctl enable Nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/Nginx.service to /usr/lib/systemd/system/Nginx.service.统一将proxy定义的配置存放到proxy_params中,便于调用
[root@lb01 Nginx]# vim /etc/Nginx/proxy_params
proxy_http_version 1.1;
proxy_http_version 1.1;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X‐Real‐IP $remote_addr; #配置X‐Real‐IP
proxy_set_header X‐Forwarded‐For $proxy_add_x_forwarded_for;#配置 X‐Forwarded‐For
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;配置代理
[root@lb01 conf.d]# vim web.oldboy.com.conf
server {
listen 80;
server_name web.oldboy.com;
location / {
proxy_pass http://10.0.0.8:80;
include proxy_params;
}
}
[root@lb01 conf.d]# Nginx -t
Nginx: the configuration file /etc/Nginx/Nginx.conf Syntax is ok
Nginx: configuration file /etc/Nginx/Nginx.conf test is successful
[root@lb01 conf.d]# systemctl res
rescue reset-Failed restart
[root@lb01 conf.d]# systemctl restart Nginx
lb02:
统一将proxy定义的配置存放到proxy_params中,便于调用
[root@lb02 ~]# cd /etc/Nginx/conf.d/
[root@lb02 conf.d]# vim /etc/Nginx/proxy_params
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;#配置X-Real-IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;#配置X-Forward-For
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
[root@lb02 conf.d]# vim web.oldboy.com.conf
server {
listen 80;
server_name web.oldboy.com;
location / {
proxy_pass http://10.0.0.9:80;
include proxy_params;
}
}
[root@lb02 conf.d]# Nginx -t
Nginx: the configuration file /etc/Nginx/Nginx.conf Syntax is ok
Nginx: configuration file /etc/Nginx/Nginx.conf test is successful
[root@lb02 conf.d]# systemctl restart Nginxlb03:
统一将proxy定义的配置存放到proxy_params中,便于调用
[root@lb03 ~]# cd /etc/Nginx/conf.d/
[root@lb03 conf.d]# vim /etc/Nginx/proxy_params
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X‐Real‐IP $remote_addr; #配置X‐Real‐IP
proxy_set_header X‐Forwarded‐For $proxy_add_x_forwarded_for;#配置 X‐Forwarded‐For
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
[root@lb03 conf.d]# vim web.oldboy.com.conf
server {
listen 80;
server_name web.oldboy.com;
location / {
proxy_pass http://10.0.0.5:80;
include proxy_params;
}
}
[root@lb03 conf.d]# Nginx -t
Nginx: the configuration file /etc/Nginx/Nginx.conf Syntax is ok
Nginx: configuration file /etc/Nginx/Nginx.conf test is successful
[root@lb03 conf.d]# systemctl restart Nginxweb:
[root@web ~]# cd /etc/Nginx/conf.d/
[root@web conf.d]# vim web.oldboy.com.conf
server {
listen 80;
server_name web.oldboy.com;
location / {
root /code;
index index.html;
}
}
[root@web conf.d]# Nginx -t
Nginx: the configuration file /etc/Nginx/Nginx.conf Syntax is ok
Nginx: configuration file /etc/Nginx/Nginx.conf test is successful
[root@web conf.d]# echo "10.0.0.5-web" > /code/index.html
[root@web conf.d]# systemctl restart Nginx
[root@web conf.d]# vim /etc/Nginx/Nginx.conf # 为方便查看日志,将web端的记录日志格式修改下
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for""$http_x_real_ip"';
打开windows的C:windows\System32\drivers\etc\hosts,配置10.0.0.7 web.oldboy.com.完了以后可以在cmd中检查一下是否解析的是来自10.0.0.7的。
如图所示:由10.0.0.2(user)-->10.0.0.7-->10.0.0.8-->10.0.0.9-->10.0.0.5(web server)
[root@web conf.d]# tail -f /var/log/Nginx/access.log
10.0.0.9 - - [02/Jun/2019:11:54:54 +0800] "GET / HTTP/1.1" 200 13 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "10.0.0.7""10.0.0.7"综上所述:X-Real-ip 只显示出上一级代理,不显示用户真实ip
X-Forwarded-For 显示所有经过路径的ip。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
