访问路径:

用户 --> www.chinasoft.cn(nginx反向代理) --> www.chinasoft.com(nginx反向代理) --> python服务端程序

经过多层代理

第一层代理:

# cat /usr/local/nginx/conf/vhost.d/www.chinasoft.cn.conf

server {

    listen ;

    server_name     www.chinasoft.cn chinasoft.cn;

    access_log      /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;

    error_log       /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;

    #root            /data/www/vhosts/chinasoft.cn/httpdocs ;

    index           index.html index.shtml index.php ;

    #include        rewrite.d/chinasoft.cn.conf ;

    error_page                /.html;    

    rewrite ^/(.*)$ https://www.chinasoft.cn/$1 permanent;    #跳转到Https

    location /favicon.ico{

        proxy_pass https://www.chinasoft.com;

    }

    location ~ ^/(middle|app|files|static|back)/ {

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

        proxy_pass https://www.chinasoft.com;

    }

    location /cn {

        rewrite ^/cn/(.*) /$ permanent;

    }

    #注释原来的location

    #location / {

    #               proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

    #    proxy_pass https://www.chinasoft.com/cn/;

    #}

    #开启新的配置

    location / {

    if (-d $request_filename){

        rewrite (.*) $ break;

    }

    if (-f $request_filename.html){

        rewrite (.*) $.html break;

    }

    try_files $uri /index.html @;

    }

}

server {

    listen ;

    server_name      www.chinasoft.cn chinasoft.cn;

    ssl                     on;

    ssl_certificate         /usr/local/nginx/cert/geo-chinasoft.cn.crt;

    ssl_certificate_key     /usr/local/nginx/cert/geo-chinasoft.cn.key;

    ssl_protocols   TLSv1 TLSv1. TLSv1.;

    ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE

    S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3

    -SHA:!KRB5-DES-CBC3-SHA";

    ssl_prefer_server_ciphers on;

    ssl_session_timeout 10m;

    access_log      /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;

    error_log       /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;

    root            /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates/cn;

    index           index.html index.shtml index.php ;

    #include         rewrite.d/chinasoft.cn.conf ;

    error_page                /.html;

    location /favicon.ico{

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_pass https://www.chinasoft.com;

    }

    location ~ ^/(middle|app|files|back)/ {

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

        proxy_pass https://www.chinasoft.com;

    }

    location /cn {

        rewrite ^/cn/(.*) /$ permanent;

    }

    location /static {

        root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;

    }

    #注释原来的location

    #location / {

    #        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

    #    proxy_pass https://www.chinasoft.com/cn/;

    #}

    #开启新的配置

    location / {

        if (-d $request_filename){

            rewrite (.*) $ break;

        }

        if (-f $request_filename.html){

            rewrite (.*) $.html break;

        }

        try_files $uri /index.html @;

    }

}

第二层代理:

[server02:~]# more /usr/local/nginx/conf/vhost.d/www.chinasoft.com.conf

server {

        listen ;

        server_name     chinasoft.com www.chinasoft.com ;

        access_log      /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;

        error_log       /data/www/logs/nginx_log/error/www.chinasoft.com_error.log;

        root            /data/www/vhosts/chinasoft/chinasoft_web/web;

        index           index.html index.php ;

    include    rewrite.d/chinasoft.com.conf ;

    error_page                /.html;    

        location ^~ /middle/file/test-oss-callback {

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header REMOTE-HOST $remote_addr;

            proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            proxy_pass_header Server;

            proxy_redirect off;

            proxy_pass http://1.1.1.1:7980/middle/file/oss-callback;

        }

    rewrite ^/(.*)$ https://www.chinasoft.com/$1 permanent;    #跳转到Https

}

server {

        listen ;

        server_name     www.chinasoft.com chinasoft.com;

        ssl                     on;

        ssl_certificate         /usr/local/nginx/conf/cert2016/chinasoft_com.crt;

        ssl_certificate_key     /usr/local/nginx/conf/cert2016/chinasoft_com.key;

    ssl_dhparam             /usr/local/nginx/conf/cert2016/dh_2048.pem;

    ssl_session_timeout     5m;

        ssl_protocols   TLSv1 TLSv1. TLSv1.;

        ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE

S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3

-SHA:!KRB5-DES-CBC3-SHA";

        ssl_prefer_server_ciphers       on;

        gzip on;

        gzip_min_length 1k;

        gzip_buffers  16k;

        gzip_comp_level ;

        gzip_types text/plain application/x-javascript text/css application/xml text/javascript;

        access_log      /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;

        error_log       /data/www/logs/nginx_log/error/www.chinasoft.com_error.log ;

        root            /data/www/vhosts/chinasoft/chinasoft_web/web;

        index           index.html index.php ;

        include         rewrite.d/chinasoft.com.conf ;

    error_page   @error404;

        location /cn { include  rewrite.d/chinasoft.cn.conf ; }

        location @error404 {

           rewrite ^/(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|cn) /$/.html last;

           rewrite ^ /.html last;

        }

        location ~ /(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|vn|tr|th|ro|zh-tw|cn)$ {

            rewrite ^/(.*)$ /$/ permanent;

        }

        location ^~ /middle/file/test-oss-callback {

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header REMOTE-HOST $remote_addr;

            proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            proxy_pass_header Server;

            proxy_redirect off;

            proxy_pass http://127.0.0.1:7980/middle/file/test-oss-callback;

        }

        location ~ ^/(middle|app)/ {

        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            #proxy_set_header REMOTE-HOST $remote_addr;

            #proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            #proxy_pass_header Server;

        proxy_set_header Host $host;

            proxy_set_header X-Real-Ip $remote_addr;

         proxy_set_header X-Forwarded-For $remote_addr;

            expires 1d;

            include proxy_params;

            if (!-d $request_filename){

                    set $flag $flag;

            }

            if (!-f $request_filename){

                    set $flag $flag;

            }

            if ($flag = ""){

                    rewrite ^(.*)$ /index.php last;

            }

        }

        location ~ \.php$ {

            #fastcgi_pass 127.0.0.1:;

            fastcgi_pass   unix:/tmp/php-cgi.sock;

            fastcgi_index  index.php;

            fastcgi_read_timeout ;

            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

            include        fastcgi_params;

            expires -;

    }

        location /static {

            root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;

        }

        location / {

        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            #proxy_set_header REMOTE-HOST $remote_addr;

            #proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            #proxy_pass_header Server;

       proxy_set_header Host $host;

            proxy_set_header X-Real-Ip $remote_addr;

         proxy_set_header X-Forwarded-For $remote_addr;

            expires -10d;

            add_header Cache-Control no-cache;

            root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates;

            index index.html;

            if (-d $request_filename){

               rewrite (.*) $ break;

            }

            if (!-f $request_filename){

               rewrite (.*) $.html break;

            }

            try_files $uri /index.html @error404;

        }

}

nginx多层代理获取客户端的真实ip总结:

、编译Nginx时,添加http_realip_module模块

、在nginx.conf文件中

proxy_pass  xxxxxx添加下面三行

proxy_set_header   Host             $host;

proxy_set_header   X-Real-IP        $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

、在每一层nginx日志中的打印的"$http_x_forwarded_for"就是真实客户端的ip地址。

、后台服务器获取真实的客户端ip地址:

headers中的X-Forwarded-For选项中逗号前第一个ip就是真实客户端ip

日志中获取真实ip:  $http_x_forwarded_for 就是获取真实ip的变量

log_format main  '$remote_addr $http_x_forwarded_for - - [$time_local] - - "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time ';

# more /usr/local/nginx/conf/rewrite.d/chinsoft.com.conf
if ($request_uri ~ ^/(.*)/(index|indice).(html)) { rewrite ^/(.*)/(index|indice).(html) /$1 permanent;}

nginx多层反向代理获取客户端真实ip的更多相关文章

  1. nginx 多级反向代理获取客户端真实IP

    set_real_ip_from ; set_real_ip_from ; set_real_ip_from ; set_real_ip_from ; set_real_ip_from 127.0.0 ...

  2. 关于nginx多层uptstream转发获取客户端真实IP的问题

    因为公司有个需求需要获取客户端的真实IP,前端是haproxy,后面是nginx,本来这个需求不难完成,但是难就难在是https请求也就是ssl 由于个人水平有限,在网上爬了很多资料,刚开始的ha是通 ...

  3. nginx反向代理获取用户真实ip

    nginx做反向代理时,默认的配置后端获取到的ip都是来自于nginx,如何转发用户的真实ip到后端程序呢?如是是java后端,用request.getRemoteAddr();获取到的是nginx的 ...

  4. 关于.net core使用nginx做反向代理获取客户端ip的问题

    1.正常情况下.net core获取客户端ip是比较简单的 /// <summary> /// 获取客户Ip /// </summary> /// <param name ...

  5. 如何取得nginx做反向代理时的真实IP?

    1. 编译 对于client -> nginx reverse proxy -> apache, 要想在程序中取得真实的IP,在执行nginx的configure时,必须指定参数" ...

  6. Nginx反向代理后应用程序获取客户端真实IP

    Nginx反向代理后,Servlet应用通过request.getRemoteAddr()取到的IP是Nginx的IP地址,并非客户端真实IP,通过request.getRequestURL()获取的 ...

  7. nginx 代理模式下,获取客户端真实IP

    最近做博友推荐,发现个小问题,用$_SERVER['REMOTE_ADDR'];得到的都是服务器的地址192.168.96.52,搜索了一下,发现问题,改为$_SERVER['HTTP_X_REAL_ ...

  8. 多层代理获取用户真实IP

    1. 几个概念remote_addr:如果中间没有代理,这个就是客户端的真实IP,如果有代理,这就是上层代理的IP.X-Forwarded-For:一个HTTP扩展头,格式为 X-Forwarded- ...

  9. 获取客户端真实IP地址

    Java-Web获取客户端真实IP: 发生的场景:服务器端接收客户端请求的时候,一般需要进行签名验证,客户端IP限定等情况,在进行客户端IP限定的时候,需要首先获取该真实的IP. 一般分为两种情况: ...

随机推荐

  1. linux系统编程之进程(四)

    今天继续研究进程相关的东东,话不多说,进入正题: SIGCHLD: 关于它,之前章节的学习中已经用到了,具体可以参考博文:http://www.cnblogs.com/webor2006/p/3500 ...

  2. golang log 使用

    原文:https://www.jianshu.com/p/d634316a9487 --------------------------------------------- 在我们开发程序后,如果有 ...

  3. redis cluster集群的原理

    redis集群的概述: 在以前,如果前几年的时候,一般来说,redis如果要搞几个节点,每个节点存储一部分的数据,得借助一些中间件来实现,比如说有codis,或者twemproxy,都有.有一些red ...

  4. 在eclipse运行一个项目报端口被占的问题

    1.端口被占问题解决方法. 我们运行javaweb项目的时候,如果不幸你的项目出现了上图的那种情况,不要慌,仅仅是端口被占了而已,只需要打开你tomcat里面的bin里面的shutdown.bat即可 ...

  5. Oracle 查询结果去重保留一项

    首先因为需要查询很多字段,也就排除了使用distinct的可能性. 1.1 原始sql select finalSql.* from (select '' SMS_CONTENT, ' as 短信发出 ...

  6. matlat保存矩阵数据

    a=[1 2 3; 4 5 6]; fid = fopen('haha.txt', 'w+');fprintf(fid,'%8.4f %8.3f %d\n', a');fclose(fid); typ ...

  7. 转载 C# 开源框架(整理)

    C# 开源框架(整理)http://www.cnblogs.com/gaoyuchuanIT/articles/5612268.html Json.NET http://json.codeplex.c ...

  8. ServletContext对象应用——三天免登录

    1.用到的知识点: (1)Cookie (2)Session (3)ServletContext 其中Cookie和Session是会话技术的组成部分,一次会话从打开浏览器的某个站点开始,到浏览器关闭 ...

  9. (2)Angular的开发

    什么是 ReactNative应用, 小程序与RN的关系 native端优化 Js端优化 ReactNative是? 用JavaScript来写App,性能好 异步编程 请点赞!因为你的鼓励是我写作的 ...

  10. (22)打鸡儿教你Vue.js

    vue.js 单页面,多页面 Vue cli工具 复杂单页面应用Vue cli工具 交互设计,逻辑设计,接口设计 代码实现,线上测试 git clone,git int 创建分支,推送分支,合并分支 ...