访问路径:

用户 --> www.chinasoft.cn(nginx反向代理) --> www.chinasoft.com(nginx反向代理) --> python服务端程序

经过多层代理

第一层代理:

# cat /usr/local/nginx/conf/vhost.d/www.chinasoft.cn.conf

server {

    listen ;

    server_name     www.chinasoft.cn chinasoft.cn;

    access_log      /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;

    error_log       /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;

    #root            /data/www/vhosts/chinasoft.cn/httpdocs ;

    index           index.html index.shtml index.php ;

    #include        rewrite.d/chinasoft.cn.conf ;

    error_page                /.html;    

    rewrite ^/(.*)$ https://www.chinasoft.cn/$1 permanent;    #跳转到Https

    location /favicon.ico{

        proxy_pass https://www.chinasoft.com;

    }

    location ~ ^/(middle|app|files|static|back)/ {

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

        proxy_pass https://www.chinasoft.com;

    }

    location /cn {

        rewrite ^/cn/(.*) /$ permanent;

    }

    #注释原来的location

    #location / {

    #               proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

    #    proxy_pass https://www.chinasoft.com/cn/;

    #}

    #开启新的配置

    location / {

    if (-d $request_filename){

        rewrite (.*) $ break;

    }

    if (-f $request_filename.html){

        rewrite (.*) $.html break;

    }

    try_files $uri /index.html @;

    }

}

server {

    listen ;

    server_name      www.chinasoft.cn chinasoft.cn;

    ssl                     on;

    ssl_certificate         /usr/local/nginx/cert/geo-chinasoft.cn.crt;

    ssl_certificate_key     /usr/local/nginx/cert/geo-chinasoft.cn.key;

    ssl_protocols   TLSv1 TLSv1. TLSv1.;

    ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE

    S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3

    -SHA:!KRB5-DES-CBC3-SHA";

    ssl_prefer_server_ciphers on;

    ssl_session_timeout 10m;

    access_log      /data/www/logs/nginx_log/access/chinasoft.cn_access.log main ;

    error_log       /data/www/logs/nginx_log/error/chinasoft.cn_error.log ;

    root            /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates/cn;

    index           index.html index.shtml index.php ;

    #include         rewrite.d/chinasoft.cn.conf ;

    error_page                /.html;

    location /favicon.ico{

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_pass https://www.chinasoft.com;

    }

    location ~ ^/(middle|app|files|back)/ {

        proxy_set_header Host $host;

        proxy_set_header X-Real-Ip $remote_addr;

        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

        proxy_pass https://www.chinasoft.com;

    }

    location /cn {

        rewrite ^/cn/(.*) /$ permanent;

    }

    location /static {

        root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;

    }

    #注释原来的location

    #location / {

    #        proxy_cookie_domain www.chinasoft.com www.chinasoft.cn;

    #    proxy_pass https://www.chinasoft.com/cn/;

    #}

    #开启新的配置

    location / {

        if (-d $request_filename){

            rewrite (.*) $ break;

        }

        if (-f $request_filename.html){

            rewrite (.*) $.html break;

        }

        try_files $uri /index.html @;

    }

}

第二层代理:

[server02:~]# more /usr/local/nginx/conf/vhost.d/www.chinasoft.com.conf

server {

        listen ;

        server_name     chinasoft.com www.chinasoft.com ;

        access_log      /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;

        error_log       /data/www/logs/nginx_log/error/www.chinasoft.com_error.log;

        root            /data/www/vhosts/chinasoft/chinasoft_web/web;

        index           index.html index.php ;

    include    rewrite.d/chinasoft.com.conf ;

    error_page                /.html;    

        location ^~ /middle/file/test-oss-callback {

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header REMOTE-HOST $remote_addr;

            proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            proxy_pass_header Server;

            proxy_redirect off;

            proxy_pass http://1.1.1.1:7980/middle/file/oss-callback;

        }

    rewrite ^/(.*)$ https://www.chinasoft.com/$1 permanent;    #跳转到Https

}

server {

        listen ;

        server_name     www.chinasoft.com chinasoft.com;

        ssl                     on;

        ssl_certificate         /usr/local/nginx/conf/cert2016/chinasoft_com.crt;

        ssl_certificate_key     /usr/local/nginx/conf/cert2016/chinasoft_com.key;

    ssl_dhparam             /usr/local/nginx/conf/cert2016/dh_2048.pem;

    ssl_session_timeout     5m;

        ssl_protocols   TLSv1 TLSv1. TLSv1.;

        ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE

S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3

-SHA:!KRB5-DES-CBC3-SHA";

        ssl_prefer_server_ciphers       on;

        gzip on;

        gzip_min_length 1k;

        gzip_buffers  16k;

        gzip_comp_level ;

        gzip_types text/plain application/x-javascript text/css application/xml text/javascript;

        access_log      /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;

        error_log       /data/www/logs/nginx_log/error/www.chinasoft.com_error.log ;

        root            /data/www/vhosts/chinasoft/chinasoft_web/web;

        index           index.html index.php ;

        include         rewrite.d/chinasoft.com.conf ;

    error_page   @error404;

        location /cn { include  rewrite.d/chinasoft.cn.conf ; }

        location @error404 {

           rewrite ^/(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|cn) /$/.html last;

           rewrite ^ /.html last;

        }

        location ~ /(fr|de|it|es|pt|nl|hi|jp|ru|kr|id|ar|vn|tr|th|ro|zh-tw|cn)$ {

            rewrite ^/(.*)$ /$/ permanent;

        }

        location ^~ /middle/file/test-oss-callback {

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header REMOTE-HOST $remote_addr;

            proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            proxy_pass_header Server;

            proxy_redirect off;

            proxy_pass http://127.0.0.1:7980/middle/file/test-oss-callback;

        }

        location ~ ^/(middle|app)/ {

        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            #proxy_set_header REMOTE-HOST $remote_addr;

            #proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            #proxy_pass_header Server;

        proxy_set_header Host $host;

            proxy_set_header X-Real-Ip $remote_addr;

         proxy_set_header X-Forwarded-For $remote_addr;

            expires 1d;

            include proxy_params;

            if (!-d $request_filename){

                    set $flag $flag;

            }

            if (!-f $request_filename){

                    set $flag $flag;

            }

            if ($flag = ""){

                    rewrite ^(.*)$ /index.php last;

            }

        }

        location ~ \.php$ {

            #fastcgi_pass 127.0.0.1:;

            fastcgi_pass   unix:/tmp/php-cgi.sock;

            fastcgi_index  index.php;

            fastcgi_read_timeout ;

            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

            include        fastcgi_params;

            expires -;

    }

        location /static {

            root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle;

        }

        location / {

        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            #proxy_set_header REMOTE-HOST $remote_addr;

            #proxy_set_header HTTP_AUTHORIZATION $http_authorization;

            #proxy_pass_header Server;

       proxy_set_header Host $host;

            proxy_set_header X-Real-Ip $remote_addr;

         proxy_set_header X-Forwarded-For $remote_addr;

            expires -10d;

            add_header Cache-Control no-cache;

            root /data/www/vhosts/chinasoft/chinasoft_web_html/converter_middle/templates;

            index index.html;

            if (-d $request_filename){

               rewrite (.*) $ break;

            }

            if (!-f $request_filename){

               rewrite (.*) $.html break;

            }

            try_files $uri /index.html @error404;

        }

}

nginx多层代理获取客户端的真实ip总结:

、编译Nginx时,添加http_realip_module模块

、在nginx.conf文件中

proxy_pass  xxxxxx添加下面三行

proxy_set_header   Host             $host;

proxy_set_header   X-Real-IP        $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

、在每一层nginx日志中的打印的"$http_x_forwarded_for"就是真实客户端的ip地址。

、后台服务器获取真实的客户端ip地址:

headers中的X-Forwarded-For选项中逗号前第一个ip就是真实客户端ip

日志中获取真实ip:  $http_x_forwarded_for 就是获取真实ip的变量

log_format main  '$remote_addr $http_x_forwarded_for - - [$time_local] - - "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time ';

# more /usr/local/nginx/conf/rewrite.d/chinsoft.com.conf
if ($request_uri ~ ^/(.*)/(index|indice).(html)) { rewrite ^/(.*)/(index|indice).(html) /$1 permanent;}

nginx多层反向代理获取客户端真实ip的更多相关文章

  1. nginx 多级反向代理获取客户端真实IP

    set_real_ip_from ; set_real_ip_from ; set_real_ip_from ; set_real_ip_from ; set_real_ip_from 127.0.0 ...

  2. 关于nginx多层uptstream转发获取客户端真实IP的问题

    因为公司有个需求需要获取客户端的真实IP,前端是haproxy,后面是nginx,本来这个需求不难完成,但是难就难在是https请求也就是ssl 由于个人水平有限,在网上爬了很多资料,刚开始的ha是通 ...

  3. nginx反向代理获取用户真实ip

    nginx做反向代理时,默认的配置后端获取到的ip都是来自于nginx,如何转发用户的真实ip到后端程序呢?如是是java后端,用request.getRemoteAddr();获取到的是nginx的 ...

  4. 关于.net core使用nginx做反向代理获取客户端ip的问题

    1.正常情况下.net core获取客户端ip是比较简单的 /// <summary> /// 获取客户Ip /// </summary> /// <param name ...

  5. 如何取得nginx做反向代理时的真实IP?

    1. 编译 对于client -> nginx reverse proxy -> apache, 要想在程序中取得真实的IP,在执行nginx的configure时,必须指定参数" ...

  6. Nginx反向代理后应用程序获取客户端真实IP

    Nginx反向代理后,Servlet应用通过request.getRemoteAddr()取到的IP是Nginx的IP地址,并非客户端真实IP,通过request.getRequestURL()获取的 ...

  7. nginx 代理模式下,获取客户端真实IP

    最近做博友推荐,发现个小问题,用$_SERVER['REMOTE_ADDR'];得到的都是服务器的地址192.168.96.52,搜索了一下,发现问题,改为$_SERVER['HTTP_X_REAL_ ...

  8. 多层代理获取用户真实IP

    1. 几个概念remote_addr:如果中间没有代理,这个就是客户端的真实IP,如果有代理,这就是上层代理的IP.X-Forwarded-For:一个HTTP扩展头,格式为 X-Forwarded- ...

  9. 获取客户端真实IP地址

    Java-Web获取客户端真实IP: 发生的场景:服务器端接收客户端请求的时候,一般需要进行签名验证,客户端IP限定等情况,在进行客户端IP限定的时候,需要首先获取该真实的IP. 一般分为两种情况: ...

随机推荐

  1. spark context stop use with as

    调用方法: with session.SparkStreamingSession('CC_Traffic_Realtime', ssc_time_windown) as ss_session: kaf ...

  2. SpringBoot RabbitMQ 延迟队列代码实现

    场景 用户下单后,如果30min未支付,则删除该订单,这时候就要可以用延迟队列 准备 利用rabbitmq_delayed_message_exchange插件: 首先下载该插件:https://ww ...

  3. Java精通并发-死锁检测与相关工具详解

    关于死锁其实在之前https://www.cnblogs.com/webor2006/p/10659938.html的jvm学习中已经详细举过例子了,不过这里再来复习一下,另外是从并发这个专题领域的角 ...

  4. js比较日期大小 判断日期

    使用js的方法来判断两个日期的先后关系,不能正常判断,因此手写了一个方法,如下: //判断开始日期是否大于结束日期,注意,该方法仅仅适用于“2010-01-01”这样的日期格式!   function ...

  5. Vue中的插槽---slot

    一:什么是插槽? 插槽(Slot)是Vue提出来的一个概念,正如名字一样,插槽用于决定将所携带的内容,插入到指定的某个位置,从而使模板分块,具有模块化的特质和更大的重用性. 插槽显不显示.怎样显示是由 ...

  6. python 之类、self

    类是什么 可以视为种类或者类型的同义词.所有的对象都属于某一个类,称为类的实例. 例如:鸟就是"鸟类"的实例.这就是一个有很多子类的一般(抽象)类:看到的鸟可能属于子类" ...

  7. learning java ATW ScrollPane

    import java.awt.*; public class ScrollPaneTest { public static void main(String[] args) { var f = ne ...

  8. CSS字体图标

    一.什么是字体图标: 1. 字体图标可以和图片一样改变透明度,旋转度,等等 2.本质是文字,可以改变大小颜色等等比较适用于移动端 总结;图标字体具有矢量效果,放大缩小不失真,而且可以使用CSS任意更改 ...

  9. 洛谷P1038 神经网络题解

    注意如果是 \(if(c[i])\) 这条语句并没有说明c[i]不为负数,所以说最好老老实实的写 #include<cstdio> #define _ 0 using namespace ...

  10. CODE FESTIVAL 2017 Final题解

    传送门 \(A\) 咕咕 const int N=55; const char to[]={"AKIHABARA"}; char s[N];int n; int main(){ s ...