访问路径:

用户 --> www.chinasoft.cn(nginx反向代理) --> www.chinasoft.com(nginx反向代理) --> python服务端程序

经过多层代理

第一层代理:

# cat /usr/local/nginx/conf/vhost.d/www.chinasoft.cn.conf

server {

    listen ;

    server_name     www.chinasoft.cn chinasoft.cn;

    access_log      /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;

    error_log       /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;

    #root            /data/www/vhosts/chinasoft.cn/httpdocs ;

    index           index.html index.shtml index.php ;

    #include        rewrite.d/chinasoft.cn.conf ;

    error_page                /.html;    

    rewrite ^/(.*)$ https://www.chinasoft.cn/$1 permanent;    #跳转到Https

    location /favicon.ico{

        proxy_pass https://www.chinasoft.com;

    }

    location ~ ^/(middle|app|files|static|back)/ {

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

        proxy_pass https://www.chinasoft.com;

    }

    location /cn {

        rewrite ^/cn/(.*) /$ permanent;

    }

    #注释原来的location

    #location / {

    #               proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

    #    proxy_pass https://www.chinasoft.com/cn/;

    #}

    #开启新的配置

    location / {

    if (-d $request_filename){

        rewrite (.*) $ break;

    }

    if (-f $request_filename.html){

        rewrite (.*) $.html break;

    }

    try_files $uri /index.html @;

    }

}

server {

    listen ;

    server_name      www.chinasoft.cn chinasoft.cn;

    ssl                     on;

    ssl_certificate         /usr/local/nginx/cert/geo-chinasoft.cn.crt;

    ssl_certificate_key     /usr/local/nginx/cert/geo-chinasoft.cn.key;

    ssl_protocols   TLSv1 TLSv1. TLSv1.;

    ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE

    S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3

    -SHA:!KRB5-DES-CBC3-SHA";

    ssl_prefer_server_ciphers on;

    ssl_session_timeout 10m;

    access_log      /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;

    error_log       /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;

    root            /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates/cn;

    index           index.html index.shtml index.php ;

    #include         rewrite.d/chinasoft.cn.conf ;

    error_page                /.html;

    location /favicon.ico{

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_pass https://www.chinasoft.com;

    }

    location ~ ^/(middle|app|files|back)/ {

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

        proxy_pass https://www.chinasoft.com;

    }

    location /cn {

        rewrite ^/cn/(.*) /$ permanent;

    }

    location /static {

        root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;

    }

    #注释原来的location

    #location / {

    #        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

    #    proxy_pass https://www.chinasoft.com/cn/;

    #}

    #开启新的配置

    location / {

        if (-d $request_filename){

            rewrite (.*) $ break;

        }

        if (-f $request_filename.html){

            rewrite (.*) $.html break;

        }

        try_files $uri /index.html @;

    }

}

第二层代理:

[server02:~]# more /usr/local/nginx/conf/vhost.d/www.chinasoft.com.conf

server {

        listen ;

        server_name     chinasoft.com www.chinasoft.com ;

        access_log      /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;

        error_log       /data/www/logs/nginx_log/error/www.chinasoft.com_error.log;

        root            /data/www/vhosts/chinasoft/chinasoft_web/web;

        index           index.html index.php ;

    include    rewrite.d/chinasoft.com.conf ;

    error_page                /.html;    

        location ^~ /middle/file/test-oss-callback {

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header REMOTE-HOST $remote_addr;

            proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            proxy_pass_header Server;

            proxy_redirect off;

            proxy_pass http://1.1.1.1:7980/middle/file/oss-callback;

        }

    rewrite ^/(.*)$ https://www.chinasoft.com/$1 permanent;    #跳转到Https

}

server {

        listen ;

        server_name     www.chinasoft.com chinasoft.com;

        ssl                     on;

        ssl_certificate         /usr/local/nginx/conf/cert2016/chinasoft_com.crt;

        ssl_certificate_key     /usr/local/nginx/conf/cert2016/chinasoft_com.key;

    ssl_dhparam             /usr/local/nginx/conf/cert2016/dh_2048.pem;

    ssl_session_timeout     5m;

        ssl_protocols   TLSv1 TLSv1. TLSv1.;

        ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE

S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3

-SHA:!KRB5-DES-CBC3-SHA";

        ssl_prefer_server_ciphers       on;

        gzip on;

        gzip_min_length 1k;

        gzip_buffers  16k;

        gzip_comp_level ;

        gzip_types text/plain application/x-javascript text/css application/xml text/javascript;

        access_log      /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;

        error_log       /data/www/logs/nginx_log/error/www.chinasoft.com_error.log ;

        root            /data/www/vhosts/chinasoft/chinasoft_web/web;

        index           index.html index.php ;

        include         rewrite.d/chinasoft.com.conf ;

    error_page   @error404;

        location /cn { include  rewrite.d/chinasoft.cn.conf ; }

        location @error404 {

           rewrite ^/(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|cn) /$/.html last;

           rewrite ^ /.html last;

        }

        location ~ /(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|vn|tr|th|ro|zh-tw|cn)$ {

            rewrite ^/(.*)$ /$/ permanent;

        }

        location ^~ /middle/file/test-oss-callback {

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header REMOTE-HOST $remote_addr;

            proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            proxy_pass_header Server;

            proxy_redirect off;

            proxy_pass http://127.0.0.1:7980/middle/file/test-oss-callback;

        }

        location ~ ^/(middle|app)/ {

        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            #proxy_set_header REMOTE-HOST $remote_addr;

            #proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            #proxy_pass_header Server;

        proxy_set_header Host $host;

            proxy_set_header X-Real-Ip $remote_addr;

         proxy_set_header X-Forwarded-For $remote_addr;

            expires 1d;

            include proxy_params;

            if (!-d $request_filename){

                    set $flag $flag;

            }

            if (!-f $request_filename){

                    set $flag $flag;

            }

            if ($flag = ""){

                    rewrite ^(.*)$ /index.php last;

            }

        }

        location ~ \.php$ {

            #fastcgi_pass 127.0.0.1:;

            fastcgi_pass   unix:/tmp/php-cgi.sock;

            fastcgi_index  index.php;

            fastcgi_read_timeout ;

            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

            include        fastcgi_params;

            expires -;

    }

        location /static {

            root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;

        }

        location / {

        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            #proxy_set_header REMOTE-HOST $remote_addr;

            #proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            #proxy_pass_header Server;

       proxy_set_header Host $host;

            proxy_set_header X-Real-Ip $remote_addr;

         proxy_set_header X-Forwarded-For $remote_addr;

            expires -10d;

            add_header Cache-Control no-cache;

            root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates;

            index index.html;

            if (-d $request_filename){

               rewrite (.*) $ break;

            }

            if (!-f $request_filename){

               rewrite (.*) $.html break;

            }

            try_files $uri /index.html @error404;

        }

}

nginx多层代理获取客户端的真实ip总结:

、编译Nginx时,添加http_realip_module模块

、在nginx.conf文件中

proxy_pass  xxxxxx添加下面三行

proxy_set_header   Host             $host;

proxy_set_header   X-Real-IP        $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

、在每一层nginx日志中的打印的"$http_x_forwarded_for"就是真实客户端的ip地址。

、后台服务器获取真实的客户端ip地址:

headers中的X-Forwarded-For选项中逗号前第一个ip就是真实客户端ip

日志中获取真实ip:  $http_x_forwarded_for 就是获取真实ip的变量

log_format main  '$remote_addr $http_x_forwarded_for - - [$time_local] - - "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time ';

# more /usr/local/nginx/conf/rewrite.d/chinsoft.com.conf
if ($request_uri ~ ^/(.*)/(index|indice).(html)) { rewrite ^/(.*)/(index|indice).(html) /$1 permanent;}

nginx多层反向代理获取客户端真实ip的更多相关文章

  1. nginx 多级反向代理获取客户端真实IP

    set_real_ip_from ; set_real_ip_from ; set_real_ip_from ; set_real_ip_from ; set_real_ip_from 127.0.0 ...

  2. 关于nginx多层uptstream转发获取客户端真实IP的问题

    因为公司有个需求需要获取客户端的真实IP,前端是haproxy,后面是nginx,本来这个需求不难完成,但是难就难在是https请求也就是ssl 由于个人水平有限,在网上爬了很多资料,刚开始的ha是通 ...

  3. nginx反向代理获取用户真实ip

    nginx做反向代理时,默认的配置后端获取到的ip都是来自于nginx,如何转发用户的真实ip到后端程序呢?如是是java后端,用request.getRemoteAddr();获取到的是nginx的 ...

  4. 关于.net core使用nginx做反向代理获取客户端ip的问题

    1.正常情况下.net core获取客户端ip是比较简单的 /// <summary> /// 获取客户Ip /// </summary> /// <param name ...

  5. 如何取得nginx做反向代理时的真实IP?

    1. 编译 对于client -> nginx reverse proxy -> apache, 要想在程序中取得真实的IP,在执行nginx的configure时,必须指定参数" ...

  6. Nginx反向代理后应用程序获取客户端真实IP

    Nginx反向代理后,Servlet应用通过request.getRemoteAddr()取到的IP是Nginx的IP地址,并非客户端真实IP,通过request.getRequestURL()获取的 ...

  7. nginx 代理模式下,获取客户端真实IP

    最近做博友推荐,发现个小问题,用$_SERVER['REMOTE_ADDR'];得到的都是服务器的地址192.168.96.52,搜索了一下,发现问题,改为$_SERVER['HTTP_X_REAL_ ...

  8. 多层代理获取用户真实IP

    1. 几个概念remote_addr:如果中间没有代理,这个就是客户端的真实IP,如果有代理,这就是上层代理的IP.X-Forwarded-For:一个HTTP扩展头,格式为 X-Forwarded- ...

  9. 获取客户端真实IP地址

    Java-Web获取客户端真实IP: 发生的场景:服务器端接收客户端请求的时候,一般需要进行签名验证,客户端IP限定等情况,在进行客户端IP限定的时候,需要首先获取该真实的IP. 一般分为两种情况: ...

随机推荐

  1. 2019-08-28 redhat linux如何部署禅道服务器(一键安装包)

    linux一键安装包内置了XXD.apache, php, mysql这些应用程序,不需要再单独安装部署. linux一键安装包分为32位和64位两个包,请大家根据操作系统的情况下载相应的包. 一.准 ...

  2. [software test - 001] Why we need software test?

    /*  This is a conclusion about the software testing job. */ /*  Scope: middle level software tasks,  ...

  3. P1392 取数[堆]

    题目描述 在一个n行m列的数阵中,你须在每一行取一个数(共n个数),并将它们相加得到一个和.对于给定的数阵,请你输出和前k小的取数方法. 解析 写这题完全自闭. 根本没联想起远古时期做的 P1631 ...

  4. P2261 [CQOI2007]余数求和[整除分块]

    题目大意 给出正整数 n 和 k 计算 \(G(n, k)=k\ \bmod\ 1 + k\ \bmod\ 2 + k\ \bmod\ 3 + \cdots + k\ \bmod\ n\) 的值 其中 ...

  5. Handling skewed data---trading off precision& recall

    preision与recall之间的权衡 依然是cancer prediction的例子,预测为cancer时,y=1;一般来说做为logistic regression我们是当hθ(x)>=0 ...

  6. MySQL Innodb引擎调优

    介绍: Innodb给MYSQL提供了具有提交,回滚和崩溃恢复能力的事务安全(ACID兼容)存储引擎.Innodb锁定在行级并且也在SELECT语句提供一个Oracle风格一致的非锁定读.这些特色增加 ...

  7. C# 遍历 enum 枚举

    foreach (Suit suit in (Suit[]) Enum.GetValues(typeof(Suit))) { } 注意:强制转换(Suit[])不是必需的,但确实使代码快0.5 ns.

  8. 三.cron计划任务

    • 用途:按照设置的时间间隔为用户反复执行某一项固 定的系统任务 • 软件包:cronie.crontabs • 系统服务:crond • 日志文件:/var/log/crond   • 使用 cro ...

  9. learning java AWT 布局管理器FlowLayout

    AWT提供了FlowLayout   从左到右排列所有组件,遇到边界就会折回下一行重新开始. import java.awt.*; public class FlowLayoutTest { publ ...

  10. saltstack 在window下 发布 service 服务

    saltstack 发布 service 服务 如果是注册的服务发布:   salt -L '172.16.3.39' state.sls service.deploy 目录结构: /home/sal ...