访问路径:

用户 --> www.chinasoft.cn(nginx反向代理) --> www.chinasoft.com(nginx反向代理) --> python服务端程序

经过多层代理

第一层代理:

# cat /usr/local/nginx/conf/vhost.d/www.chinasoft.cn.conf

server {

    listen ;

    server_name     www.chinasoft.cn chinasoft.cn;

    access_log      /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;

    error_log       /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;

    #root            /data/www/vhosts/chinasoft.cn/httpdocs ;

    index           index.html index.shtml index.php ;

    #include        rewrite.d/chinasoft.cn.conf ;

    error_page                /.html;    

    rewrite ^/(.*)$ https://www.chinasoft.cn/$1 permanent;    #跳转到Https

    location /favicon.ico{

        proxy_pass https://www.chinasoft.com;

    }

    location ~ ^/(middle|app|files|static|back)/ {

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

        proxy_pass https://www.chinasoft.com;

    }

    location /cn {

        rewrite ^/cn/(.*) /$ permanent;

    }

    #注释原来的location

    #location / {

    #               proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

    #    proxy_pass https://www.chinasoft.com/cn/;

    #}

    #开启新的配置

    location / {

    if (-d $request_filename){

        rewrite (.*) $ break;

    }

    if (-f $request_filename.html){

        rewrite (.*) $.html break;

    }

    try_files $uri /index.html @;

    }

}

server {

    listen ;

    server_name      www.chinasoft.cn chinasoft.cn;

    ssl                     on;

    ssl_certificate         /usr/local/nginx/cert/geo-chinasoft.cn.crt;

    ssl_certificate_key     /usr/local/nginx/cert/geo-chinasoft.cn.key;

    ssl_protocols   TLSv1 TLSv1. TLSv1.;

    ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE

    S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3

    -SHA:!KRB5-DES-CBC3-SHA";

    ssl_prefer_server_ciphers on;

    ssl_session_timeout 10m;

    access_log      /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;

    error_log       /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;

    root            /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates/cn;

    index           index.html index.shtml index.php ;

    #include         rewrite.d/chinasoft.cn.conf ;

    error_page                /.html;

    location /favicon.ico{

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_pass https://www.chinasoft.com;

    }

    location ~ ^/(middle|app|files|back)/ {

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

        proxy_pass https://www.chinasoft.com;

    }

    location /cn {

        rewrite ^/cn/(.*) /$ permanent;

    }

    location /static {

        root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;

    }

    #注释原来的location

    #location / {

    #        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

    #    proxy_pass https://www.chinasoft.com/cn/;

    #}

    #开启新的配置

    location / {

        if (-d $request_filename){

            rewrite (.*) $ break;

        }

        if (-f $request_filename.html){

            rewrite (.*) $.html break;

        }

        try_files $uri /index.html @;

    }

}

第二层代理:

[server02:~]# more /usr/local/nginx/conf/vhost.d/www.chinasoft.com.conf

server {

        listen ;

        server_name     chinasoft.com www.chinasoft.com ;

        access_log      /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;

        error_log       /data/www/logs/nginx_log/error/www.chinasoft.com_error.log;

        root            /data/www/vhosts/chinasoft/chinasoft_web/web;

        index           index.html index.php ;

    include    rewrite.d/chinasoft.com.conf ;

    error_page                /.html;    

        location ^~ /middle/file/test-oss-callback {

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header REMOTE-HOST $remote_addr;

            proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            proxy_pass_header Server;

            proxy_redirect off;

            proxy_pass http://1.1.1.1:7980/middle/file/oss-callback;

        }

    rewrite ^/(.*)$ https://www.chinasoft.com/$1 permanent;    #跳转到Https

}

server {

        listen ;

        server_name     www.chinasoft.com chinasoft.com;

        ssl                     on;

        ssl_certificate         /usr/local/nginx/conf/cert2016/chinasoft_com.crt;

        ssl_certificate_key     /usr/local/nginx/conf/cert2016/chinasoft_com.key;

    ssl_dhparam             /usr/local/nginx/conf/cert2016/dh_2048.pem;

    ssl_session_timeout     5m;

        ssl_protocols   TLSv1 TLSv1. TLSv1.;

        ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE

S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3

-SHA:!KRB5-DES-CBC3-SHA";

        ssl_prefer_server_ciphers       on;

        gzip on;

        gzip_min_length 1k;

        gzip_buffers  16k;

        gzip_comp_level ;

        gzip_types text/plain application/x-javascript text/css application/xml text/javascript;

        access_log      /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;

        error_log       /data/www/logs/nginx_log/error/www.chinasoft.com_error.log ;

        root            /data/www/vhosts/chinasoft/chinasoft_web/web;

        index           index.html index.php ;

        include         rewrite.d/chinasoft.com.conf ;

    error_page   @error404;

        location /cn { include  rewrite.d/chinasoft.cn.conf ; }

        location @error404 {

           rewrite ^/(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|cn) /$/.html last;

           rewrite ^ /.html last;

        }

        location ~ /(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|vn|tr|th|ro|zh-tw|cn)$ {

            rewrite ^/(.*)$ /$/ permanent;

        }

        location ^~ /middle/file/test-oss-callback {

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header REMOTE-HOST $remote_addr;

            proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            proxy_pass_header Server;

            proxy_redirect off;

            proxy_pass http://127.0.0.1:7980/middle/file/test-oss-callback;

        }

        location ~ ^/(middle|app)/ {

        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            #proxy_set_header REMOTE-HOST $remote_addr;

            #proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            #proxy_pass_header Server;

        proxy_set_header Host $host;

            proxy_set_header X-Real-Ip $remote_addr;

         proxy_set_header X-Forwarded-For $remote_addr;

            expires 1d;

            include proxy_params;

            if (!-d $request_filename){

                    set $flag $flag;

            }

            if (!-f $request_filename){

                    set $flag $flag;

            }

            if ($flag = ""){

                    rewrite ^(.*)$ /index.php last;

            }

        }

        location ~ \.php$ {

            #fastcgi_pass 127.0.0.1:;

            fastcgi_pass   unix:/tmp/php-cgi.sock;

            fastcgi_index  index.php;

            fastcgi_read_timeout ;

            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

            include        fastcgi_params;

            expires -;

    }

        location /static {

            root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;

        }

        location / {

        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            #proxy_set_header REMOTE-HOST $remote_addr;

            #proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            #proxy_pass_header Server;

       proxy_set_header Host $host;

            proxy_set_header X-Real-Ip $remote_addr;

         proxy_set_header X-Forwarded-For $remote_addr;

            expires -10d;

            add_header Cache-Control no-cache;

            root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates;

            index index.html;

            if (-d $request_filename){

               rewrite (.*) $ break;

            }

            if (!-f $request_filename){

               rewrite (.*) $.html break;

            }

            try_files $uri /index.html @error404;

        }

}

nginx多层代理获取客户端的真实ip总结:

、编译Nginx时,添加http_realip_module模块

、在nginx.conf文件中

proxy_pass  xxxxxx添加下面三行

proxy_set_header   Host             $host;

proxy_set_header   X-Real-IP        $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

、在每一层nginx日志中的打印的"$http_x_forwarded_for"就是真实客户端的ip地址。

、后台服务器获取真实的客户端ip地址:

headers中的X-Forwarded-For选项中逗号前第一个ip就是真实客户端ip

日志中获取真实ip:  $http_x_forwarded_for 就是获取真实ip的变量

log_format main  '$remote_addr $http_x_forwarded_for - - [$time_local] - - "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time ';

# more /usr/local/nginx/conf/rewrite.d/chinsoft.com.conf
if ($request_uri ~ ^/(.*)/(index|indice).(html)) { rewrite ^/(.*)/(index|indice).(html) /$1 permanent;}

nginx多层反向代理获取客户端真实ip的更多相关文章

  1. nginx 多级反向代理获取客户端真实IP

    set_real_ip_from ; set_real_ip_from ; set_real_ip_from ; set_real_ip_from ; set_real_ip_from 127.0.0 ...

  2. 关于nginx多层uptstream转发获取客户端真实IP的问题

    因为公司有个需求需要获取客户端的真实IP,前端是haproxy,后面是nginx,本来这个需求不难完成,但是难就难在是https请求也就是ssl 由于个人水平有限,在网上爬了很多资料,刚开始的ha是通 ...

  3. nginx反向代理获取用户真实ip

    nginx做反向代理时,默认的配置后端获取到的ip都是来自于nginx,如何转发用户的真实ip到后端程序呢?如是是java后端,用request.getRemoteAddr();获取到的是nginx的 ...

  4. 关于.net core使用nginx做反向代理获取客户端ip的问题

    1.正常情况下.net core获取客户端ip是比较简单的 /// <summary> /// 获取客户Ip /// </summary> /// <param name ...

  5. 如何取得nginx做反向代理时的真实IP?

    1. 编译 对于client -> nginx reverse proxy -> apache, 要想在程序中取得真实的IP,在执行nginx的configure时,必须指定参数" ...

  6. Nginx反向代理后应用程序获取客户端真实IP

    Nginx反向代理后,Servlet应用通过request.getRemoteAddr()取到的IP是Nginx的IP地址,并非客户端真实IP,通过request.getRequestURL()获取的 ...

  7. nginx 代理模式下,获取客户端真实IP

    最近做博友推荐,发现个小问题,用$_SERVER['REMOTE_ADDR'];得到的都是服务器的地址192.168.96.52,搜索了一下,发现问题,改为$_SERVER['HTTP_X_REAL_ ...

  8. 多层代理获取用户真实IP

    1. 几个概念remote_addr:如果中间没有代理,这个就是客户端的真实IP,如果有代理,这就是上层代理的IP.X-Forwarded-For:一个HTTP扩展头,格式为 X-Forwarded- ...

  9. 获取客户端真实IP地址

    Java-Web获取客户端真实IP: 发生的场景:服务器端接收客户端请求的时候,一般需要进行签名验证,客户端IP限定等情况,在进行客户端IP限定的时候,需要首先获取该真实的IP. 一般分为两种情况: ...

随机推荐

  1. 给定数字N,输出小于10^N的所有整数

    讲起来比较简单,从0到N遍历输出就行了,但是如果N非常大,就涉及整数溢出问题,很明显是一个全排列问题,也就是输出N,代表N位上所有的数字取值是0-9,做一个全排列,还需要考虑的就是对于0001,006 ...

  2. 51nod 1305 Pairwise Sum and Divide

    有这样一段程序,fun会对整数数组A进行求值,其中Floor表示向下取整:   fun(A)     sum = 0     for i = 1 to A.length         for j = ...

  3. 优化MyEclipse编译速度慢的问题、build、project clean 慢

    优化MyEclipse编译速度慢的问题(重点是1) 1 .关闭MyEclipse的自动validation windows > perferences > myeclipse > v ...

  4. mini_frame(web框架)

    文件目录: dynamic中:框架 static:css,jss静态文件 teplates:模板 web_server.conf: 配置文件 web_server.py: 主程序 run.sh:运行脚 ...

  5. Hdfs读写数据出错

    1.Hdfs读数据出错:若在读数据的过程中,客户端和DataNode的通信出现错误,则会尝试连接下一个 包含次文件块的DataNode.同时记录失败的DataNode,此后不再被连接. 2.Hdfs在 ...

  6. 2019红帽杯部分wp

    xx 程序首先取输入的前4个字符作为xxtea加密的密钥之后进行xxtea加密.接着进行位置置换操作,然后又进行了以3个为一组的异或 首先逆向解出xxtea加密之后的结果 #include<st ...

  7. ERROR: `elasticsearch` directory is missing in the plugin zip

    该问题出现在为elasticsearch安装中文分词器插件时 问题发生在插件和es版本不匹配~ 解决: es版本与插件版本对应齐 命令行安装 C:\Users\SeeClanUkyo>F:\el ...

  8. RookeyFrame 还原 软删除的数据 怎么硬删除 或者 怎么还原

     列表搜索栏上有个删除图标,可以进入回收站   如图:

  9. 洛谷 P2661 信息传递 题解

    P2661 信息传递 题目描述 有 \(n\) 个同学(编号为 \(1\) 到 \(n\) )正在玩一个信息传递的游戏.在游戏里每人都有一个固定的信息传递对象,其中,编号为 \(i\) 的同学的信息传 ...

  10. 交互设计算法基础(2) - Selection Sort

    int[] selection_sort(int[] arr) { int i, j, min, temp, len=arr.length; for (i=0; i<len-1; i++) { ...