http://blog.csdn.net/xbynet/article/details/51899286?_t=t

http://shift-alt-ctrl.iteye.com/blog/2331455

http://blog.csdn.net/bao19901210/article/details/52537279

在参考了资料:
http://stackoverflow.com/questions/8393772/how-to-get-non-standard-http-headers-on-nginx
http://nginx.org/en/docs/http/ngx_http_core_module.html#underscores_in_headers
http://serverfault.com/questions/297225/nginx-passing-back-custom-header
https://easyengine.io/tutorials/nginx/forwarding-visitors-real-ip/
http://www.ttlsa.com/nginx/nginx-proxy_set_header/

后得到如下:
1、nginx是支持读取非nginx标准的用户自定义header的,但是需要在http或者server下开启header的下划线支持:

  • underscores_in_headers on;

2、比如我们自定义header为X-Real-IP,通过第二个nginx获取该header时需要这样:

  • $http_x_real_ip; (一律采用小写,而且前面多了个http_)

3、如果需要把自定义header传递到下一个nginx:

  • 如果是在nginx中自定义采用proxy_set_header X_CUSTOM_HEADER $http_host;
  • 如果是在用户请求时自定义的header,例如curl –head -H “X_CUSTOM_HEADER: foo” http://domain.com/api/test,则需要通过proxy_pass_header X_CUSTOM_HEADER来传递

注意nginx 1.11.x后的版本才支持 request_id 内置变量

示例:

http{

    underscores_in_headers on;

    upstream myServer {

        server 127.0.0.1:8082;

    }
server { listen 80; server_name localhost; location / { proxy_set_header Some-Thing $http_x_custom_header;; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://myServer; } } }

示例:

网络架构:

源站 <-->  1层nginx代理 <-->  2层nginx代理 <--> CDN <-->客户端

2层代理  nginx.conf

    underscores_in_headers on;

    log_format  main  '$http_x_forwarded_for`$remote_addr`$proxy_add_x_forwarded_for`[$time_local]`"$request"`'

                      '$status`$body_bytes_sent`"$http_referer"`'

                      '"$http_user_agent"`"$request_time"`'

                      '$request_id`$upstream_response_time`$upstream_addr`$upstream_connect_time`$upstream_status';

2层代理站点配置:

location中设置 proxy_set_header

upstream pc_proxy_group_ssl {
        ip_hash;
        zone pc_proxy_group_ssl_up 1m;
        server x.x.x.x:443 weight=10;
        server x.x.x.x2:443 weight=10;
        check interval=3000 rise=2 fall=5 timeout=2000 type=ssl_hello;
}


server {

        listen      443 ssl;

        server_name www.xx.com;

        access_log  logs/www.xx.com.access.log  main;

        ssl                  on;

        ssl_certificate      SSL_Certificate/xx.com/_.xx.com.cer;

        ssl_certificate_key  SSL_Certificate/xx.com/_.xx.com.key;

        ssl_session_timeout  5m;

        ssl_protocols                   TLSv1.2 TLSv1.1 TLSv1;

        ssl_ciphers  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:WEAK112TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:FS256TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;

        ssl_prefer_server_ciphers   on;

        location / {

                proxy_pass https://pc_proxy_group_ssl;

                proxy_redirect default;

                proxy_set_header   Host             $host;

                proxy_set_header   X-Real-IP        $remote_addr;

                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

                proxy_set_header   X-Request-ID     $request_id;

        }
}

注意:

如果想把 proxy_set_header 设置在 http 块全部生效,那么,server块、location块中不能再出现 proxy_set_header,如果能则不继续

1层代理nginx.conf配置:

user nginx nginx;

worker_processes auto;
worker_cpu_affinity auto;

error_log  logs/error.log;

pid        logs/nginx.pid;

worker_rlimit_nofile 65535;

events {

    use epoll;

    worker_connections 65535;

}

http {

    ## HttpGuard

    lua_package_path "/etc/nginx/httpGuard/?.lua";

    lua_shared_dict dict_system 10m;

    lua_shared_dict dict_black 50m;

    lua_shared_dict dict_white 50m;

    lua_shared_dict dict_challenge 100m;

    lua_shared_dict dict_byDenyIp 30m;

    lua_shared_dict dict_byWhiteIp 30m;

    lua_shared_dict dict_captcha 70m;

    lua_shared_dict dict_others 30m;

    lua_shared_dict dict_perUrlRateLimit 30m;

    lua_shared_dict dict_needVerify 30m;

    init_by_lua_file "/etc/nginx/httpGuard/init.lua";

    access_by_lua_file "/etc/nginx/httpGuard/runtime.lua";

    lua_max_running_timers 1;

    include       mime.types;

    default_type  application/octet-stream;

    log_format  main  '$http_x_forwarded_for`$remote_addr`$proxy_add_x_forwarded_for`[$time_local]`"$request"`'

                      '$status`$body_bytes_sent`"$http_referer"`'

                      '"$http_user_agent"`"$request_time"`'

                      '$http_x_request_id`$upstream_response_time`$upstream_addr`$upstream_connect_time`$upstream_status';

    log_format  access  '$remote_addr`[$time_local]`"$request"`'

                      '$status`$body_bytes_sent`"$http_referer"`'

                      '"$http_user_agent"`"$http_x_forwarded_for"`'

                      '$http_x_request_id`$upstream_response_time`$upstream_addr`$upstream_connect_time`$upstream_status';

#    proxy_ignore_client_abort on;

    proxy_headers_hash_max_size 2048;

    proxy_headers_hash_bucket_size 256;

    sendfile    on;

    tcp_nopush  on;

    tcp_nodelay on;

    keepalive_timeout 60;

    server_tokens off;

    proxy_hide_header X-Powered-By;

    proxy_hide_header X-AspNet-Version;

    gzip    on;

    gzip_min_length 1k;

    gzip_buffers    4 16k;

    gzip_http_version 1.1;

    gzip_comp_level 2;

    gzip_types  text/plain  application/x-javascript text/css application/xml;

    gzip_vary on;

    client_max_body_size 100m;

    client_body_buffer_size 128k;

    client_body_temp_path /dev/shm/client_body_temp;

    proxy_connect_timeout 600;

    proxy_read_timeout 600;

    proxy_send_timeout 600;

    proxy_buffer_size 16k;

    proxy_buffers 32 32k;

    proxy_busy_buffers_size 64k;

    proxy_temp_file_write_size 64k;

    proxy_temp_path /dev/shm/proxy_temp;

    map $http_x_forwarded_for $clientRealIp {

        "" $remote_addr;

        ~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;

    }

    include /etc/nginx/conf.d/*.conf;

}

1层代理站点配置:

upstream pc_proxy_group {

        ip_hash;

        zone pc_proxy_group_ssl_up 1m;

        server x.x.x.x:8080 weight=10;

        server x.x.x.x2:8080 weight=10;

check interval=3000 rise=2 fall=5 timeout=2000 type=http;
        check_http_send "GET /do_not_delete/check.html HTTP/1.0\r\n\r\n";

}

server {

        listen      443 ssl;

        server_name www.xx.com;

        access_log  logs/www.xx.com.access.log  main;

        ssl                  on;

        ssl_certificate      SSL_Certificate/xx.com/_.xx.com.cer;

        ssl_certificate_key  SSL_Certificate/xx.com/_.xx.com.key;

        ssl_session_timeout  5m;

        ssl_protocols        TLSv1.2 TLSv1.1 TLSv1;

        ssl_ciphers  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:WEAK112TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:FS256TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;

        ssl_prefer_server_ciphers   on;

        location / {

                proxy_pass http://pc_proxy_group;

                proxy_redirect default;

                proxy_set_header   Host             $host;

                proxy_set_header   X-Real-IP        $remote_addr;

                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

        }

}

若源站为IIS,可使用IIS 高级日志记录获取httpd头 X-Request-ID,其他web容器通过其他方法获取请求ID

Nginx获取自定义头部header的值的更多相关文章

  1. Spring启动时获取自定义注解的属性值

    1.自定义注解 @Target({ElementType.TYPE, ElementType.METHOD}) @Retention(RetentionPolicy.RUNTIME) @Documen ...

  2. nginx 获取自定义header头部信息

    为了排查线上的bug,需要在nginx的日志中,打印客户端上传上来的header头部信息,同时头部信息是自定义的.在尝试多重方案后,找到解决方法: log_format dm '"$remo ...

  3. js(jQuery)获取自定义data属性的值

    有时候因为需要在标签上设置自定义data属性值, <div class="col-sm-6 col-md-4" id="get_id" data-c_id ...

  4. js ajax设置和获取自定义header信息的方法总结

    目录 1.js ajax 设置自定义header 1.1 方法一: 1.2 方法二: 2.js ajax 获取请求返回的response的header信息 3.js ajax 跨域请求的情况下获取自定 ...

  5. nginx通过自定义header属性来转发不同的服务

    一.背景 因为需要上线灰度发布,只要nginx接收到头部为: wx_unionid: 就会跳转到另外一个url,比如: 通过配置nginx 匹配请求头wx_unionid 来转发到灰度环境.核心:客户 ...

  6. VS2008 C++ 利用WinHttp API获取Http请求/响应头部Header

    http://www.cnblogs.com/LCCRNblog/p/3833472.html 这一篇博客中,实现了获取http请求/响应后的html源码,现在需要获取http请求/响应的头部Head ...

  7. C# 如何获取自定义的config中节点的值,并修改节点的值

    现定义一个方法 DIYConfigHelper.cs using System; using System.Xml; using System.Configuration; using System. ...

  8. java反射机制获取自定义注解值和方法

    由于工作需求要应用到java反射机制,就做了一下功能demo想到这些就做了一下记录 这个demo目的是实现动态获取到定时器的方法好注解名称,废话不多说了直接上源码 1.首先需要自定义注解类 /** * ...

  9. nginx获取头部信息带下划线,获取不到解决方案

    nginx获取头部信息带下划线,获取不到解决方案 解决方案: 修改配置文件,进行添加信息如下: underscores_in_headers on; 然后进行重新加载: [root@qa-web co ...

随机推荐

  1. TED #02#

    Amanda Palmer: The art of asking 1. I think people have been obsessed with the wrong question, which ...

  2. Linux学习笔记之Linux启动级别

    对于绝大多数Linux程序员来说,进入Linux系统后一般看到的是黑乎乎的界面(开发模式),因为系统如果启动选择开发模式,会减少启动时间,优化内存等.但是通常我们刚安装完Linux系统,然后进去以后是 ...

  3. 常用php操作redis命令整理(二)哈希类型

    HSET将哈希表key中的域field的值设为value;如果field是哈希表中的一个新建域,并且值设置成功,返回1;如果哈希表中域field已经存在且旧值已被新值覆盖,返回0. <?php ...

  4. 使用cronolog工具给tomcat进行日志切割

    关于cronolog的用法查看:https://www.freebsd.org/cgi/man.cgi?query=cronolog&apropos=0&sektion=0&m ...

  5. Dekker算法在多核处理器下的失效

    Dekker algorithm是一种著名的并发编程的算法,Dekker算法的核心部分是一组对称的代码来访问一组共享变量,使得两个线程不可能同时进入临界区(只要cpu内存模型是遵循顺序一致性的),从而 ...

  6. Spring Cloud组件

    Spring Cloud Eureka Eureka负责服务的注册于发现,Eureka的角色和 Zookeeper差不多,都是服务的注册和发现,构成Eureka体系的包括:服务注册中心.服务提供者.服 ...

  7. Mysql中FIND_IN_SET和REPLACE函数简介

    一  FIND_IN_SET() SELECT * from u_user where FIND_IN_SET('32',tags) 上面的sql是精确查找,查找表中tags中含有32的记录(注意这里 ...

  8. Android之扫描二维码和根据输入信息生成名片二维码

    开发中常常遇到二维码扫码操作,前段时间做项目要实现该功能,于是网上查找资料实现了,现在把他做出来给各位分享一下,主要包含了二维码扫描和生成二维码名片. 先来看看效果图:   生成的二维码,打开微信扫一 ...

  9. CentOS7 64位下MySQL5.7安装与配置

    安装环境:CentOS7 64位 MINI版,安装MySQL5.7 1.配置YUM源 在MySQL官网中下载YUM源rpm安装包:http://dev.mysql.com/downloads/repo ...

  10. bzoj-1009-dp+kmp处理转移矩阵幂

    1009: [HNOI2008]GT考试 Time Limit: 1 Sec  Memory Limit: 162 MBSubmit: 4723  Solved: 2940[Submit][Statu ...