Nginx多层反代配置变量proxy_set_header过程记录
第一层代理:
(1)路径:
$ vim /data/soft/nginx/conf/vhost/xixi.conf
(2)内容:(注:此处变量名需中划线。)
server {
listen 80;
server_name api.xxx.com api.yyyy.com api.cun.com;
access_log /log/nginx/xiaojicdn.api.log main;
root /data/www/pay/;
location /member {
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header real-remote $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://member.srv;
}
location /discount {
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header real-remote $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://discount.srv;
}
location /pay {
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header real-remote $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://pay.srv;
}
location /agent {
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header real-remote $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://agent.srv;
}
location =/pay.html {
expires 10s;
}
location =/ {
index index.html payment.html;
}
error_page 404 /404.html;
error_page 500 502 503 504 /500.html;
location = /500.html {
default_type application/json;
add_header Content-Type 'application/json; charset=utf-8';
return 200 '{"status":2, "msg":"Server Error!"}';
}
location = /404.html {
default_type application/json;
add_header Content-Type 'application/json; charset=utf-8';
return 200 '{"status":2, "msg":"Request Uri Not Found!"}';
}
}
第二层代理:
(1) 路径:
$ vim /data/soft/nginx/conf/vhost/xixi.conf
(2) 内容:(注:此处变量获取需加http头,并且中划线要变为下划线。)
server {
listen 5675;
server_name m.ttcn.com m.xxy.com api.xxx.com api.xxg.com api.ren.com;
access_log /log/nginx/xiaoji.game.api.log main;
location /member {
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $http_real_remote;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://member.srv;
}
location /discount {
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $http_real_remote;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://discount.srv;
}
location /pay {
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $http_real_remote;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://pay.srv;
}
location /agent {
proxy_intercept_errors on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $http_real_remote;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://agent.srv;
}
error_page 404 /404.html;
error_page 500 502 503 504 /500.html;
location = /500.html {
default_type application/json;
add_header Content-Type 'application/json; charset=utf-8';
return 200 '{"status":2, "msg":"Server Error!"}';
}
location = /404.html {
default_type application/json;
add_header Content-Type 'application/json; charset=utf-8';
return 200 '{"status":2, "msg":"Request Uri Not Found!"}';
}
}
(3) 路径:
$ vim /data/soft/nginx/conf/nginx.conf
(4) 内容:
user root;
worker_processes 8;
worker_rlimit_nofile 65535;
worker_cpu_affinity auto;
daemon on;
error_log /log/nginx/error.log error;
pid /log/nginx/nginx.pid;
events {
use epoll;
worker_connections 65535;
}
http {
include mime.types;
include upstream.conf;
default_type text/plain;
### core
charset utf-8;
server_names_hash_bucket_size 128;
server_names_hash_max_size 512;
connection_pool_size 512;
server_tokens off;
chunked_transfer_encoding on;
### tcp/socket/DDOS
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_body_timeout 15s;
client_header_timeout 15s;
send_timeout 15s;
resolver_timeout 5s;
keepalive_requests 500;
keepalive_timeout 45s;
### open file
open_file_cache max=60000 inactive=60s;
open_file_cache_valid 60s;
open_file_cache_min_uses 1;
open_file_cache_errors on;
### client buffer
client_header_buffer_size 4k;
large_client_header_buffers 8 16k;
ignore_invalid_headers on;
client_body_buffer_size 16k;
client_max_body_size 10m;
client_body_temp_path client_body_temp;
### response config
output_buffers 4 32k;
### gzip
gzip on;
gzip_http_version 1.1;
gzip_disable "msie6";
gzip_comp_level 5;
gzip_min_length 100;
gzip_proxied any;
gzip_buffers 16 4k;
gzip_vary on;
# gzip types
gzip_types text/plain;
gzip_types text/css;
gzip_types application/javascript;
gzip_types application/json;
gzip_types application/vnd.ms-fontobject;
gzip_types application/x-font-ttf;
gzip_types font/opentype;
gzip_types image/svg+xml;
gzip_types image/x-icon;
### proxy cache
proxy_connect_timeout 5;
proxy_read_timeout 30;
proxy_send_timeout 10;
proxy_http_version 1.1;
proxy_request_buffering on;
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 32 4k;
proxy_busy_buffers_size 16k;
proxy_max_temp_file_size 1024m;
proxy_temp_file_write_size 32k;
proxy_ignore_client_abort off;
proxy_intercept_errors on;
proxy_limit_rate 0;
proxy_pass_request_body on;
proxy_pass_request_headers on;
proxy_next_upstream error timeout http_502;
#proxy_cache proxy_cache1;
proxy_cache off;
proxy_cache_key $scheme$proxy_host$request_uri;
proxy_cache_lock_age 5s;
proxy_cache_lock_timeout 5s;
proxy_cache_methods GET HEAD;
proxy_cache_min_uses 1;
proxy_cache_valid 200 302 1m;
proxy_cache_valid 301 1h;
proxy_cache_valid any 1m;
proxy_cache_path /log/nginx/proxy_cache levels=1:2 keys_zone=proxy_cache1:4096m inactive=60s max_size=4g;
proxy_temp_path /log/nginx/proxy_cache_tmp;
### connection limit
#limit_conn_zone $binary_remote_addr zone=perip:100m;
#limit_conn_status 503;
#limit_conn_log_level error;
#limit_conn perip 6;
### request limit
#limit_req_zone $binary_remote_addr zone=pereq:200m rate=2r/s;
#limit_req zone=pereq burst=5 nodelay;
#limit_req_log_level error;
#limit_req_status 503;
### limit response
#limit_rate 4k;
#limit_rate_after 500k;
### log format
log_format main escape=json
'{"nx_localtime@timestamp":"$time_local",'
'"nx_host":"$server_addr",'
'"nx_client_ip":"$http_real_remote",'
'"nx_body_size":$body_bytes_sent,'
'"nx_request_time":$request_time,'
'"nx_scheme":"$scheme",'
'"nx_http_host":"$host",'
'"nx_request_method":"$request_method",'
'"nx_uri":"$uri",'
'"nx_status":$status,'
'"nx_referer":"$http_referer",'
'"nx_agent":"$http_user_agent",'
'"nx_upstream_host":"$upstream_addr",'
'"nx_upstream_time":$upstream_response_time,'
'"nx_upstream_response_length":$upstream_response_length,'
'"nx_upstream_status":$upstream_status,'
'"nx_upstream_connect_time":$upstream_connect_time}';
open_log_file_cache max=1000 inactive=60s min_uses=1 valid=60s;
access_log off;
#access_log /log/nginx/access.log main buffer=1M gzip=4 flush=5m;
log_not_found on;
### forbit ip access
server {
listen 80 default;
server_name _;
return 404;
}
include vhost/*.conf;
}
(5) 查看日志内容:
则client_ip为真是的远程客户端访问ip,而不是第一层代理或者第一层代理和远程客户端两个IP了。