nginx数据流向: 了解nginx如何知道客户端ip
client-->ADSL-->cdn(cache)-->SLB(反向代理)-->nginx(同样是反向代理)
内网 做SNAT伪装
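那么nginx如何获得客户端ip?每一级代理会把它看到的上一跳地址追加到X-Forwarded-For请求头中,nginx的realip模块据此还原客户端地址。注意这个请求头客户端自己也可以随意填写,所以只有来自set_real_ip_from指定的可信代理的请求,其中的地址才会被采信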
获取原地址的实验:
[root@server1 nginx-1.14.2]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ 创建一个软连接
把原来的nginx关掉
[root@server1 download]# nginx -s stop
[root@server1 ~]# cd nginx-1.14.2
[root@server1 nginx-1.14.2]# make clean
rm -rf Makefile objs
[root@server1 nginx-1.14.2]# ./configure --prefix=/usr/local/nginx --with-http_realip_module
[root@server1 nginx-1.14.2]# make 不要make install
[root@server1 nginx-1.14.2]# cd objs/
[root@server1 objs]# cp nginx /usr/local/nginx/sbin/nginx
cp: overwrite ‘/usr/local/nginx/sbin/nginx’? y
[root@server1 ~]# cd /usr/local/nginx/conf/
[root@server1 conf]# vim nginx.conf
# Minimal test virtual host: answers every request for server1.westos.org
# on port 80 with an empty 200 response.
server {
listen 80;
server_name server1.westos.org;
location / {
# No body and no file lookup; the status code alone is the response.
return 200;
}
}
[root@server1 conf]# vim /etc/hosts ##记得添加解析
172.25.79.1 server1.westos.org
[root@server1 conf]# nginx
[root@server1 conf]# nginx -s reload ##编辑配置文件之后都要reload,以后不再重复
[root@server1 conf]# curl -I server1.westos.org
[root@server1 conf]# vim nginx.conf
# Test virtual host that echoes the address nginx attributes to the client.
server {
listen 80;
server_name server1.westos.org;
location / {
# $remote_addr is the client address as nginx sees it. No realip
# directives are set in this block, so nothing here rewrites it.
return 200 "client real ip: $remote_addr\n";
}
}
[root@server1 conf]# curl server1.westos.org
[root@server1 conf]# vim nginx.conf
# Test virtual host with the realip module enabled, non-recursive mode.
server {
listen 80;
server_name server1.westos.org;
# Only connections arriving from this address have their client address
# replaced. X-Forwarded-For is an ordinary request header that any client can
# set, so this list should name only proxies you control.
set_real_ip_from 172.25.79.1;
# Header from which the replacement address is read.
real_ip_header X-Forwarded-For;
# off: take the last (rightmost) address in the header as the client address,
# even when that address is itself a trusted proxy.
real_ip_recursive off;
location / {
# Echo the (possibly rewritten) client address so the effect is visible.
return 200 "client real ip: $remote_addr\n";
}
}
[root@server1 conf]# curl -H "X-Forwarded-For: 1.1.1.1,172.25.79.1" server1.westos.org
client real ip: 172.25.79.1
[root@server1 conf]# vim nginx.conf
# Test virtual host with the realip module enabled, recursive mode.
server {
listen 80;
server_name server1.westos.org;
# Only connections arriving from this address have their client address
# replaced; keep this list limited to proxies you control.
set_real_ip_from 172.25.79.1;
# Header from which the replacement address is read.
real_ip_header X-Forwarded-For;
# on: walk the header from right to left, skip every address that matches
# set_real_ip_from, and use the last non-trusted address as the client address.
real_ip_recursive on;
location / {
# Echo the (possibly rewritten) client address so the effect is visible.
return 200 "client real ip: $remote_addr\n";
}
}
[root@server1 conf]# curl -H "X-Forwarded-For: 1.1.1.1,172.25.19.1" server1.westos.org ##注意:只有当头部最后一个地址是可信的172.25.79.1时才会得到下面的1.1.1.1,此处的172.25.19.1疑为笔误
client real ip: 1.1.1.1
反向代理:
server2:
# Upstream group "westos" with a single backend, 172.25.79.1 port 80
# (the address mapped to server1.westos.org in /etc/hosts).
upstream westos{
server 172.25.79.1:80;
}
# Reverse-proxy virtual host: forwards every request for www.westos.org to
# the "westos" upstream group.
server {
listen 80;
server_name www.westos.org;
location / {
# No proxy_set_header is configured here, so the proxy adds nothing that
# identifies the original client; the backend sees the proxy as its peer.
proxy_pass http://westos;
}
}
server1:
# Backend virtual host with no realip directives and no location block.
# The client address it records is the address of the connecting peer.
server {
listen 80;
server_name localhost;
}
[root@server1 html]# pwd
[root@server1 html]# cat test.html
test
[root@foundation79 ~]# curl www.westos.org/test.html
test
[root@server1 logs]# cd /usr/local/nginx/logs/
[root@server1 logs]# cat access.log
172.25.19.2 - - [22/Feb/2019:11:30:08 +0800] "GET /test.html HTTP/1.1" 200 5 "-" "curl/7.29.0" ##日志记录的来源地址是代理server2而不是真实客户端(按后文配置server2应为172.25.79.2,此处的19疑为笔误),说明请求经由反向代理到达,代理成功
server1:
# Backend virtual host that restores the original client address from the
# header added by the reverse proxy.
server {
listen 80;
server_name localhost;
# Trust the forwarded header only on connections from this address
# (presumably server2, the reverse proxy; confirm against the lab layout).
# A request from any other peer keeps its real connecting address.
set_real_ip_from 172.25.79.2;
# Alternative: read the address from X-Real-IP (left disabled here).
#real_ip_header X-Real-IP;
real_ip_header X-Forwarded-For;
# on: skip trusted addresses from the right and use the last non-trusted one,
# so entries a client placed at the left of the header are not picked.
real_ip_recursive on;
}
server2:
# Reverse-proxy virtual host that passes the client address to the backend.
server {
listen 80;
server_name www.westos.org;
location / {
# Alternative: send only the connecting address in X-Real-IP (left disabled).
#proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for is the incoming X-Forwarded-For header with
# $remote_addr appended, or just $remote_addr when the header is absent.
# Entries supplied by the client stay at the left of the list, so the backend
# should rely only on the entries added by proxies it trusts.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://westos;
}
}
[root@foundation79 ~]# curl www.westos.org/test.html
test
再查看server1的access.log,记录的客户端地址就是250这台发起请求的真实客户端了,而不再是代理server2的地址