访问路径:

用户 --> www.chinasoft.cn(nginx反向代理) --> www.chinasoft.com(nginx反向代理) --> python服务端程序

经过多层代理

第一层代理:

# cat /usr/local/nginx/conf/vhost.d/www.chinasoft.cn.conf

server {

    listen ;

    server_name     www.chinasoft.cn chinasoft.cn;

    access_log      /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;

    error_log       /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;

    #root            /data/www/vhosts/chinasoft.cn/httpdocs ;

    index           index.html index.shtml index.php ;

    #include        rewrite.d/chinasoft.cn.conf ;

    error_page                /.html;    

    rewrite ^/(.*)$ https://www.chinasoft.cn/$1 permanent;    #跳转到Https

    location /favicon.ico{

        proxy_pass https://www.chinasoft.com;

    }

    location ~ ^/(middle|app|files|static|back)/ {

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

        proxy_pass https://www.chinasoft.com;

    }

    location /cn {

        rewrite ^/cn/(.*) /$ permanent;

    }

    #注释原来的location

    #location / {

    #               proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

    #    proxy_pass https://www.chinasoft.com/cn/;

    #}

    #开启新的配置

    location / {

    if (-d $request_filename){

        rewrite (.*) $ break;

    }

    if (-f $request_filename.html){

        rewrite (.*) $.html break;

    }

    try_files $uri /index.html @;

    }

}

server {

    listen ;

    server_name      www.chinasoft.cn chinasoft.cn;

    ssl                     on;

    ssl_certificate         /usr/local/nginx/cert/geo-chinasoft.cn.crt;

    ssl_certificate_key     /usr/local/nginx/cert/geo-chinasoft.cn.key;

    ssl_protocols   TLSv1 TLSv1. TLSv1.;

    ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE

    S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3

    -SHA:!KRB5-DES-CBC3-SHA";

    ssl_prefer_server_ciphers on;

    ssl_session_timeout 10m;

    access_log      /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;

    error_log       /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;

    root            /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates/cn;

    index           index.html index.shtml index.php ;

    #include         rewrite.d/chinasoft.cn.conf ;

    error_page                /.html;

    location /favicon.ico{

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_pass https://www.chinasoft.com;

    }

    location ~ ^/(middle|app|files|back)/ {

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

        proxy_pass https://www.chinasoft.com;

    }

    location /cn {

        rewrite ^/cn/(.*) /$ permanent;

    }

    location /static {

        root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;

    }

    #注释原来的location

    #location / {

    #        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

    #    proxy_pass https://www.chinasoft.com/cn/;

    #}

    #开启新的配置

    location / {

        if (-d $request_filename){

            rewrite (.*) $ break;

        }

        if (-f $request_filename.html){

            rewrite (.*) $.html break;

        }

        try_files $uri /index.html @;

    }

}

第二层代理:

[server02:~]# more /usr/local/nginx/conf/vhost.d/www.chinasoft.com.conf

server {

        listen ;

        server_name     chinasoft.com www.chinasoft.com ;

        access_log      /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;

        error_log       /data/www/logs/nginx_log/error/www.chinasoft.com_error.log;

        root            /data/www/vhosts/chinasoft/chinasoft_web/web;

        index           index.html index.php ;

    include    rewrite.d/chinasoft.com.conf ;

    error_page                /.html;    

        location ^~ /middle/file/test-oss-callback {

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header REMOTE-HOST $remote_addr;

            proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            proxy_pass_header Server;

            proxy_redirect off;

            proxy_pass http://1.1.1.1:7980/middle/file/oss-callback;

        }

    rewrite ^/(.*)$ https://www.chinasoft.com/$1 permanent;    #跳转到Https

}

server {

        listen ;

        server_name     www.chinasoft.com chinasoft.com;

        ssl                     on;

        ssl_certificate         /usr/local/nginx/conf/cert2016/chinasoft_com.crt;

        ssl_certificate_key     /usr/local/nginx/conf/cert2016/chinasoft_com.key;

    ssl_dhparam             /usr/local/nginx/conf/cert2016/dh_2048.pem;

    ssl_session_timeout     5m;

        ssl_protocols   TLSv1 TLSv1. TLSv1.;

        ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE

S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3

-SHA:!KRB5-DES-CBC3-SHA";

        ssl_prefer_server_ciphers       on;

        gzip on;

        gzip_min_length 1k;

        gzip_buffers  16k;

        gzip_comp_level ;

        gzip_types text/plain application/x-javascript text/css application/xml text/javascript;

        access_log      /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;

        error_log       /data/www/logs/nginx_log/error/www.chinasoft.com_error.log ;

        root            /data/www/vhosts/chinasoft/chinasoft_web/web;

        index           index.html index.php ;

        include         rewrite.d/chinasoft.com.conf ;

    error_page   @error404;

        location /cn { include  rewrite.d/chinasoft.cn.conf ; }

        location @error404 {

           rewrite ^/(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|cn) /$/.html last;

           rewrite ^ /.html last;

        }

        location ~ /(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|vn|tr|th|ro|zh-tw|cn)$ {

            rewrite ^/(.*)$ /$/ permanent;

        }

        location ^~ /middle/file/test-oss-callback {

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header REMOTE-HOST $remote_addr;

            proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            proxy_pass_header Server;

            proxy_redirect off;

            proxy_pass http://127.0.0.1:7980/middle/file/test-oss-callback;

        }

        location ~ ^/(middle|app)/ {

        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            #proxy_set_header REMOTE-HOST $remote_addr;

            #proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            #proxy_pass_header Server;

        proxy_set_header Host $host;

            proxy_set_header X-Real-Ip $remote_addr;

         proxy_set_header X-Forwarded-For $remote_addr;

            expires 1d;

            include proxy_params;

            if (!-d $request_filename){

                    set $flag $flag;

            }

            if (!-f $request_filename){

                    set $flag $flag;

            }

            if ($flag = ""){

                    rewrite ^(.*)$ /index.php last;

            }

        }

        location ~ \.php$ {

            #fastcgi_pass 127.0.0.1:;

            fastcgi_pass   unix:/tmp/php-cgi.sock;

            fastcgi_index  index.php;

            fastcgi_read_timeout ;

            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

            include        fastcgi_params;

            expires -;

    }

        location /static {

            root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;

        }

        location / {

        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            #proxy_set_header REMOTE-HOST $remote_addr;

            #proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            #proxy_pass_header Server;

       proxy_set_header Host $host;

            proxy_set_header X-Real-Ip $remote_addr;

         proxy_set_header X-Forwarded-For $remote_addr;

            expires -10d;

            add_header Cache-Control no-cache;

            root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates;

            index index.html;

            if (-d $request_filename){

               rewrite (.*) $ break;

            }

            if (!-f $request_filename){

               rewrite (.*) $.html break;

            }

            try_files $uri /index.html @error404;

        }

}

nginx多层代理获取客户端的真实ip总结:

、编译Nginx时,添加http_realip_module模块

、在nginx.conf文件中

proxy_pass  xxxxxx添加下面三行

proxy_set_header   Host             $host;

proxy_set_header   X-Real-IP        $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

、在每一层nginx日志中的打印的"$http_x_forwarded_for"就是真实客户端的ip地址。

、后台服务器获取真实的客户端ip地址:

headers中的X-Forwarded-For选项中逗号前第一个ip就是真实客户端ip

日志中获取真实ip:  $http_x_forwarded_for 就是获取真实ip的变量

log_format main  '$remote_addr $http_x_forwarded_for - - [$time_local] - - "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time ';

# more /usr/local/nginx/conf/rewrite.d/chinsoft.com.conf
if ($request_uri ~ ^/(.*)/(index|indice).(html)) { rewrite ^/(.*)/(index|indice).(html) /$1 permanent;}

nginx多层反向代理获取客户端真实ip的更多相关文章

  1. nginx 多级反向代理获取客户端真实IP

    set_real_ip_from ; set_real_ip_from ; set_real_ip_from ; set_real_ip_from ; set_real_ip_from 127.0.0 ...

  2. 关于nginx多层uptstream转发获取客户端真实IP的问题

    因为公司有个需求需要获取客户端的真实IP,前端是haproxy,后面是nginx,本来这个需求不难完成,但是难就难在是https请求也就是ssl 由于个人水平有限,在网上爬了很多资料,刚开始的ha是通 ...

  3. nginx反向代理获取用户真实ip

    nginx做反向代理时,默认的配置后端获取到的ip都是来自于nginx,如何转发用户的真实ip到后端程序呢?如是是java后端,用request.getRemoteAddr();获取到的是nginx的 ...

  4. 关于.net core使用nginx做反向代理获取客户端ip的问题

    1.正常情况下.net core获取客户端ip是比较简单的 /// <summary> /// 获取客户Ip /// </summary> /// <param name ...

  5. 如何取得nginx做反向代理时的真实IP?

    1. 编译 对于client -> nginx reverse proxy -> apache, 要想在程序中取得真实的IP,在执行nginx的configure时,必须指定参数" ...

  6. Nginx反向代理后应用程序获取客户端真实IP

    Nginx反向代理后,Servlet应用通过request.getRemoteAddr()取到的IP是Nginx的IP地址,并非客户端真实IP,通过request.getRequestURL()获取的 ...

  7. nginx 代理模式下,获取客户端真实IP

    最近做博友推荐,发现个小问题,用$_SERVER['REMOTE_ADDR'];得到的都是服务器的地址192.168.96.52,搜索了一下,发现问题,改为$_SERVER['HTTP_X_REAL_ ...

  8. 多层代理获取用户真实IP

    1. 几个概念remote_addr:如果中间没有代理,这个就是客户端的真实IP,如果有代理,这就是上层代理的IP.X-Forwarded-For:一个HTTP扩展头,格式为 X-Forwarded- ...

  9. 获取客户端真实IP地址

    Java-Web获取客户端真实IP: 发生的场景:服务器端接收客户端请求的时候,一般需要进行签名验证,客户端IP限定等情况,在进行客户端IP限定的时候,需要首先获取该真实的IP. 一般分为两种情况: ...

随机推荐

  1. [Angular] How to show global loading spinner for application between page navigation

    app.component.ts: import { Component, OnInit } from "@angular/core"; import { select, Stor ...

  2. work,工作模式

    work,工作模式 一个消息只能被一个消费者获取 工作模式就是simple模式多了几个消费者,其他一样 来自为知笔记(Wiz)

  3. 洛谷 P1140 相似基因 题解

    每日一题 day23 打卡 Analysis dp[i][j]表示序列A中前i个与序列B中前j个匹配的相似度最大值 所以,dp方程很容易想到: 1.让a[i]与b[j]匹配 2.让a[i]与B序列中一 ...

  4. Linux shell - 按时间和文件大小排序显示文件

    在工作中有这样的情况,需要显示所有的文件,按照时间先后或者文件大小先后排序显示 命令:ls 1.按时间排序显示文件 1 test@> ll -rt 2.按文件大小排序显示文件(文件大小单位:k, ...

  5. 获取上一个页面的data

    let pages = getCurrentPages();// 获取页面栈 let current = pages[pages.length - 1]; // 当前页面 let url = curr ...

  6. learning java AWT 右键菜单

    import java.awt.*; import java.awt.event.*; public class SimpleMenu { private Frame f = new Frame(&q ...

  7. qt截图grapWindow,操作系统剪切版QClipBoard实现进程间通信

    QPixmap::grapWindow(winID) 存放一个图片QDesktopWidget 获得当前程序所在窗口id pid每个窗口有winID() // 3pixmap scaled 比例缩放 ...

  8. 生活 RH阴性血 AB型

    这个血型很稀有,外国多些,中国很少. ABO型:A.B.AB.O RH血型系统:阴性,阳性 RH阴性血,被称为熊猫血,估计是稀有吧,阴性血缺抗D,我老婆的血型抗原好像是:ccee,大部分汉族人都有抗D ...

  9. 【Python】安装MySQLdb模块centos 6.1 宝塔Linux面板 MySQL5.6

    [Python]安装MySQLdb模块centos 6.1 宝塔Linux面板 MySQL5.6 总之是各种坑 先说一下,宝塔安装在centos 6.1 i368 也就是32位系统上的方法 https ...

  10. Python逆向(四)—— Python内置模块dis.py源码详解

    一.前言 上一节我们对Python编译及反汇编做了讲解,大家知道dis模块可以将编译好的pyc文件中提取出来的PyCodeObject反汇编为可以阅读字节码形式.本节我们对dis模块中的源码进行详细的 ...