X-Forwarded-For和X-Real-ip的区别

X-Forwarded-For和X-Real-ip的区别

环境配置：
三台代理（lb01：10.0.0.7、lb02：10.0.0.8、lb03：10.0.0.9）
一台web应用服务器（web：10.0.0.5）

1.配置官方nginx源并安装（4台都操作）

[root@lb01 ~]# vim /etc/yum.repos.d/nginx.repo 
[root@lb01 ~]# yum install nginx -y

[root@lb01 ~]# nginx -v
nginx version: nginx/1.16.0

2.启动nginx服务加入开机自启（4台都操作）

[root@lb01 ~]# systemctl start nginx
[root@lb01 ~]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.

统一将proxy定义的配置存放到proxy_params中，便于调用

[root@lb01 nginx]# vim /etc/nginx/proxy_params

proxy_http_version 1.1; 
proxy_http_version 1.1;  
proxy_http_version 1.1;  
proxy_set_header Host $http_host;
proxy_set_header X‐Real‐IP $remote_addr; #配置X‐Real‐IP
proxy_set_header X‐Forwarded‐For $proxy_add_x_forwarded_for;#配置 X‐Forwarded‐For

proxy_connect_timeout 30; 
proxy_send_timeout 60; 
proxy_read_timeout 60;    

proxy_buffering on;    
proxy_buffer_size 32k;
proxy_buffers 4 128k;

配置代理

[root@lb01 conf.d]# vim web.oldboy.com.conf 

server {
        listen 80;
        server_name web.oldboy.com;


    location / {
    proxy_pass http://10.0.0.8:80;
    include proxy_params;
    }


}

[root@lb01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb01 conf.d]# systemctl res
rescue        reset-failed  restart       
[root@lb01 conf.d]# systemctl restart nginx

lb02：

统一将proxy定义的配置存放到proxy_params中，便于调用

[root@lb02 ~]# cd /etc/nginx/conf.d/
[root@lb02 conf.d]# vim /etc/nginx/proxy_params

proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;#配置X-Real-IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;#配置X-Forward-For

proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;

proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;

[root@lb02 conf.d]# vim web.oldboy.com.conf

server {
        listen 80;
        server_name web.oldboy.com;


    location / {
    proxy_pass http://10.0.0.9:80;
    include proxy_params;
    }


}

[root@lb02 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb02 conf.d]# systemctl restart nginx

lb03：

统一将proxy定义的配置存放到proxy_params中，便于调用

[root@lb03 ~]# cd /etc/nginx/conf.d/
[root@lb03 conf.d]# vim /etc/nginx/proxy_params

proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X‐Real‐IP $remote_addr; #配置X‐Real‐IP
proxy_set_header X‐Forwarded‐For $proxy_add_x_forwarded_for;#配置 X‐Forwarded‐For

proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;

proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;

[root@lb03 conf.d]# vim web.oldboy.com.conf

server {
        listen 80;
        server_name web.oldboy.com;


    location / {
    proxy_pass http://10.0.0.5:80;
    include proxy_params;
    }


}

[root@lb03 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb03 conf.d]# systemctl restart nginx

web：

[root@web ~]# cd /etc/nginx/conf.d/
[root@web conf.d]# vim web.oldboy.com.conf

server {
        listen 80;
        server_name web.oldboy.com;


    location / {
            root /code;
            index index.html;
    }


}

[root@web conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web conf.d]# echo "10.0.0.5-web" > /code/index.html
[root@web conf.d]# systemctl restart nginx

[root@web conf.d]# vim /etc/nginx/nginx.conf # 为方便查看日志，将web端的记录日志格式修改下

  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for""$http_x_real_ip"';

打开windows的C:windows\System32\drivers\etc\hosts,配置10.0.0.7   web.oldboy.com.

完了以后可以在cmd中检查一下是否解析的是来自10.0.0.7的。

如图所示：由10.0.0.2（user）-->10.0.0.7-->10.0.0.8-->10.0.0.9-->10.0.0.5(web server)

[root@web conf.d]# tail -f /var/log/nginx/access.log

10.0.0.9 - - [02/Jun/2019:11:54:54 +0800] "GET / HTTP/1.1" 200 13 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "10.0.0.7""10.0.0.7"

综上所述：X-Real-ip 只显示出上一级代理，不显示用户真实ip

​ X-Forwarded-For 显示所有经过路径的ip。

转载于:https://www.cnblogs.com/longren/p/10962679.html