X-Forwarded-For和X-Real-ip的区别
环境配置:
三台代理(lb01:10.0.0.7、lb02:10.0.0.8、lb03:10.0.0.9)
一台web应用服务器(web:10.0.0.5)
1.配置官方nginx源并安装(4台都操作)
[root@lb01 ~]# vim /etc/yum.repos.d/nginx.repo
[root@lb01 ~]# yum install nginx -y
[root@lb01 ~]# nginx -v
nginx version: nginx/1.16.0
2.启动nginx服务加入开机自启(4台都操作)
[root@lb01 ~]# systemctl start nginx
[root@lb01 ~]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
统一将proxy定义的配置存放到proxy_params中,便于调用
[root@lb01 nginx]# vim /etc/nginx/proxy_params
proxy_http_version 1.1;
proxy_http_version 1.1;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X‐Real‐IP $remote_addr; #配置X‐Real‐IP
proxy_set_header X‐Forwarded‐For $proxy_add_x_forwarded_for;#配置 X‐Forwarded‐For
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
配置代理
[root@lb01 conf.d]# vim web.oldboy.com.conf
server {
listen 80;
server_name web.oldboy.com;
location / {
proxy_pass http://10.0.0.8:80;
include proxy_params;
}
}
[root@lb01 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb01 conf.d]# systemctl res
rescue reset-failed restart
[root@lb01 conf.d]# systemctl restart nginx
lb02:
统一将proxy定义的配置存放到proxy_params中,便于调用
[root@lb02 ~]# cd /etc/nginx/conf.d/
[root@lb02 conf.d]# vim /etc/nginx/proxy_params
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;#配置X-Real-IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;#配置X-Forward-For
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
[root@lb02 conf.d]# vim web.oldboy.com.conf
server {
listen 80;
server_name web.oldboy.com;
location / {
proxy_pass http://10.0.0.9:80;
include proxy_params;
}
}
[root@lb02 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb02 conf.d]# systemctl restart nginx
lb03:
统一将proxy定义的配置存放到proxy_params中,便于调用
[root@lb03 ~]# cd /etc/nginx/conf.d/
[root@lb03 conf.d]# vim /etc/nginx/proxy_params
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X‐Real‐IP $remote_addr; #配置X‐Real‐IP
proxy_set_header X‐Forwarded‐For $proxy_add_x_forwarded_for;#配置 X‐Forwarded‐For
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
[root@lb03 conf.d]# vim web.oldboy.com.conf
server {
listen 80;
server_name web.oldboy.com;
location / {
proxy_pass http://10.0.0.5:80;
include proxy_params;
}
}
[root@lb03 conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@lb03 conf.d]# systemctl restart nginx
web:
[root@web ~]# cd /etc/nginx/conf.d/
[root@web conf.d]# vim web.oldboy.com.conf
server {
listen 80;
server_name web.oldboy.com;
location / {
root /code;
index index.html;
}
}
[root@web conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web conf.d]# echo "10.0.0.5-web" > /code/index.html
[root@web conf.d]# systemctl restart nginx
[root@web conf.d]# vim /etc/nginx/nginx.conf # 为方便查看日志,将web端的记录日志格式修改下
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for""$http_x_real_ip"';
打开windows的C:windowsSystem32driversetchosts,配置10.0.0.7 web.oldboy.com.
完了以后可以在cmd中检查一下是否解析的是来自10.0.0.7的。
如图所示:由10.0.0.2(user)-->10.0.0.7-->10.0.0.8-->10.0.0.9-->10.0.0.5(web server)
[root@web conf.d]# tail -f /var/log/nginx/access.log
10.0.0.9 - - [02/Jun/2019:11:54:54 +0800] "GET / HTTP/1.1" 200 13 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "10.0.0.7""10.0.0.7"
综上所述:X-Real-ip 只显示出上一级代理,不显示用户真实ip
X-Forwarded-For 显示所有经过路径的ip。