前言:采用了nginx +nginx 两台服务器的方式获取 客户端的真实IP。
具体配置可参考之前的文摘!
这里需要做到这样的功能,前端nginx 使用http代理 (https 好像无法实现转发) 链接到后端的https 网站!
nginx支持https ,可参考前面的文摘!
要使客户端连接的http请求 转发到后端的web服务器上,前端的nginx,具体配置如下:
[root@iZbp1c3lxfxbdfeq8fpjadZ nginx]# cat nginx.conf
#user nobody;
worker_processes auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
#use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
server {
listen 10080;
proxy_redirect off;
location / {
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$remote_addr;
proxy_set_header X-Forwarded-Host \$server_name;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP \$remote_addr;
real_ip_header X-Real-IP;
proxy_pass https://后端server的IP地址;
}
}
}
后端的nginx的配置如下:
[root@iZbp1g56n6ff2bh6b213xwZ:/etc/nginx]#cat nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 443 ssl;
server_name localhost;
real_ip_header X-Real-IP;
# set_real_ip_from 192.168.10.0/24;
set_real_ip_from 前端server的IP地址;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
location / {
root /server/php;
index index.html index.htm index.php;
}
location ~ \.php$ {
root /server/php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}