nginx 反向代理

来源：互联网发布：php 获取ip 编辑：程序博客网时间：2024/06/02 03:50

操作环境

nginx 服务器

[root@nginx ~]# cat /etc/redhat-releaseCentOS release 6.5 (Final)

web 服务器

[root@web ~]# cat /etc/redhat-releaseCentOS release 6.5 (Final)

web 服务器配置

安装 httpd yum install -y httpd
html文件 /var/www/html/index.html

<h1>hello nginx</h1><h2>web service 123.59.74.187 here</h2>

关闭防火墙，启动httpd

[root@web html]# service iptables stop[root@web html]# service httpd startStarting httpd:

访问web服务器ip：
这里写图片描述

nginx 服务器配置

修改nginx 配置vi /etc/nginx/nginx.conf

http {    include       /etc/nginx/mime.types;    default_type  application/octet-stream;    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '                      '$status $body_bytes_sent "$http_referer" '                      '"$http_user_agent" "$http_x_forwarded_for"';    access_log  /var/log/nginx/access.log  main;    sendfile        on;    #tcp_nopush     on;    #keepalive_timeout  0;    keepalive_timeout  65;    #gzip  on;    # Load config files from the /etc/nginx/conf.d directory    # The default server is in conf.d/default.conf    include /etc/nginx/conf.d/*.conf;    # 反向代理测试    server {        listen  2000;        location / {            proxy_pass      http://123.59.74.187;        }    }}

重新加载nginx配置[root@nginx nginx]# nginx -s reload
访问nginx服务器地址，已经被反向代理至另一台web服务器
这里写图片描述

查看web服务器httpd log，可见访问IP都是nginx代理服务器IP

[root@web ~]# tail /var/log/httpd/access_log185.25.151.159 - - [29/Jul/2015:15:07:58 +0800] "GET http://testp3.pospr.waw.pl/testproxy.php HTTP/1.1" 404 296 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"203.195.173.139 - - [29/Jul/2015:15:10:00 +0800] "GET /manager/html HTTP/1.1" 404 289 "-" "Mozilla/3.0 (compatible; Indy Library)"101.231.119.202 - - [29/Jul/2015:15:33:11 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:15:54:32 +0800] "GET / HTTP/1.0" 200 61 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:15:54:32 +0800] "GET /favicon.ico HTTP/1.0" 404 288 "http://123.59.65.162:2000/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:15:55:39 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:16:00:09 +0800] "GET / HTTP/1.0" 200 61 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"123.59.65.162 - - [29/Jul/2015:16:02:39 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:16:02:39 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:16:02:40 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"

如果要改成真实的客户端的IP，修改nginx配置：

server {    listen  2000;    location / {        proxy_pass      http://123.59.74.187;        proxy_set_header  X-Real-IP  $remote_addr; # 使客户端IP    }}

重新加载nginx配置 [root@nginx nginx]# nginx -s reload
测试，看web服务器httpd log，并不是真实客户端IP：

[root@web ~]# tail /var/log/httpd/access_log123.59.65.162 - - [29/Jul/2015:15:54:32 +0800] "GET /favicon.ico HTTP/1.0" 404 288 "http://123.59.65.162:2000/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:15:55:39 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:16:00:09 +0800] "GET / HTTP/1.0" 200 61 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"123.59.65.162 - - [29/Jul/2015:16:02:39 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:16:02:39 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:16:02:40 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"169.54.233.120 - - [29/Jul/2015:16:05:37 +0800] "GET / HTTP/1.0" 200 61 "-" "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0"123.59.65.162 - - [29/Jul/2015:16:06:45 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:16:06:46 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:16:06:46 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"

修改web服务器httpd log配置vim /etc/httpd/conf/httpd.conf
将

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedLogFormat "%h %l %u %t \"%r\" %>s %b" common

改为

LogFormat "%{X-Real-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedLogFormat "%h %l %u %t \"%r\" %>s %b" common

重启httpd

[root@web ~]# service httpd restartStopping httpd:                                            [  OK  ]Starting httpd: httpd: apr_sockaddr_info_get() failed for webhttpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName                                                           [  OK  ]

测试一下，终于是真实的客户端IP了

[root@web ~]# tail /var/log/httpd/access_log123.59.65.162 - - [29/Jul/2015:16:13:55 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:16:13:55 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:16:13:55 +0800] "GET / HTTP/1.0" 200 61 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:16:14:51 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"123.59.65.162 - - [29/Jul/2015:16:14:51 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"101.231.119.202 - - [29/Jul/2015:16:22:40 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"101.231.119.202 - - [29/Jul/2015:16:22:40 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"101.231.119.202 - - [29/Jul/2015:16:22:41 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"101.231.119.202 - - [29/Jul/2015:16:22:41 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"101.231.119.202 - - [29/Jul/2015:16:22:41 +0800] "GET / HTTP/1.0" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"

0 0