• X-Forwarded-For和X-Real-ip的区别


    X-Forwarded-For和X-Real-ip的区别

    环境配置:
    三台代理(lb01:10.0.0.7、lb02:10.0.0.8、lb03:10.0.0.9)
    一台web应用服务器(web:10.0.0.5)

    1.配置官方nginx源并安装(4台都操作)
    
    [root@lb01 ~]# vim /etc/yum.repos.d/nginx.repo 
    [root@lb01 ~]# yum install nginx -y
    
    [root@lb01 ~]# nginx -v
    nginx version: nginx/1.16.0
    
    2.启动nginx服务加入开机自启(4台都操作)
    
    [root@lb01 ~]# systemctl start nginx
    [root@lb01 ~]# systemctl enable nginx
    Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
    

    统一将proxy定义的配置存放到proxy_params中,便于调用

    [root@lb01 nginx]# vim /etc/nginx/proxy_params
    
    proxy_http_version 1.1; 
    proxy_http_version 1.1;  
    proxy_http_version 1.1;  
    proxy_set_header Host $http_host;
    proxy_set_header X‐Real‐IP $remote_addr; #配置X‐Real‐IP
    proxy_set_header X‐Forwarded‐For $proxy_add_x_forwarded_for;#配置 X‐Forwarded‐For
    
    proxy_connect_timeout 30; 
    proxy_send_timeout 60; 
    proxy_read_timeout 60;    
    
    proxy_buffering on;    
    proxy_buffer_size 32k;
    proxy_buffers 4 128k;
    

    配置代理

    [root@lb01 conf.d]# vim web.oldboy.com.conf 
    
    server {
            listen 80;
            server_name web.oldboy.com;
    
    
        location / {
        proxy_pass http://10.0.0.8:80;
        include proxy_params;
        }
    
    
    }
    
    [root@lb01 conf.d]# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@lb01 conf.d]# systemctl res
    rescue        reset-failed  restart       
    [root@lb01 conf.d]# systemctl restart nginx
    
    

    lb02:

    统一将proxy定义的配置存放到proxy_params中,便于调用

    [root@lb02 ~]# cd /etc/nginx/conf.d/
    [root@lb02 conf.d]# vim /etc/nginx/proxy_params
    
    proxy_http_version 1.1;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;#配置X-Real-IP
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;#配置X-Forward-For
    
    proxy_connect_timeout 30;
    proxy_send_timeout 60;
    proxy_read_timeout 60;
    
    proxy_buffering on;
    proxy_buffer_size 32k;
    proxy_buffers 4 128k;
    
    [root@lb02 conf.d]# vim web.oldboy.com.conf
    
    server {
            listen 80;
            server_name web.oldboy.com;
    
    
        location / {
        proxy_pass http://10.0.0.9:80;
        include proxy_params;
        }
    
    
    }
    
    [root@lb02 conf.d]# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@lb02 conf.d]# systemctl restart nginx
    

    lb03:

    统一将proxy定义的配置存放到proxy_params中,便于调用

    [root@lb03 ~]# cd /etc/nginx/conf.d/
    [root@lb03 conf.d]# vim /etc/nginx/proxy_params
    
    proxy_http_version 1.1;
    proxy_set_header Host $http_host;
    proxy_set_header X‐Real‐IP $remote_addr; #配置X‐Real‐IP
    proxy_set_header X‐Forwarded‐For $proxy_add_x_forwarded_for;#配置 X‐Forwarded‐For
    
    proxy_connect_timeout 30;
    proxy_send_timeout 60;
    proxy_read_timeout 60;
    
    proxy_buffering on;
    proxy_buffer_size 32k;
    proxy_buffers 4 128k;
    
    [root@lb03 conf.d]# vim web.oldboy.com.conf
    
    server {
            listen 80;
            server_name web.oldboy.com;
    
    
        location / {
        proxy_pass http://10.0.0.5:80;
        include proxy_params;
        }
    
    
    }
    
    [root@lb03 conf.d]# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@lb03 conf.d]# systemctl restart nginx
    

    web:

    [root@web ~]# cd /etc/nginx/conf.d/
    [root@web conf.d]# vim web.oldboy.com.conf
    
    server {
            listen 80;
            server_name web.oldboy.com;
    
    
        location / {
                root /code;
                index index.html;
        }
    
    
    }
    
    [root@web conf.d]# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@web conf.d]# echo "10.0.0.5-web" > /code/index.html
    [root@web conf.d]# systemctl restart nginx
    
    [root@web conf.d]# vim /etc/nginx/nginx.conf # 为方便查看日志,将web端的记录日志格式修改下
    
      log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for""$http_x_real_ip"';
    
    打开windows的C:windowsSystem32driversetchosts,配置10.0.0.7   web.oldboy.com.
    

    完了以后可以在cmd中检查一下是否解析的是来自10.0.0.7的。

    如图所示:由10.0.0.2(user)-->10.0.0.7-->10.0.0.8-->10.0.0.9-->10.0.0.5(web server)

    [root@web conf.d]# tail -f /var/log/nginx/access.log
    
    10.0.0.9 - - [02/Jun/2019:11:54:54 +0800] "GET / HTTP/1.1" 200 13 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" "10.0.0.7""10.0.0.7"
    

    综上所述:X-Real-ip 只显示出上一级代理,不显示用户真实ip

    ​ X-Forwarded-For 显示所有经过路径的ip。

  • 相关阅读:
    并发编程之线程进阶
    并发编程之线程
    进程间通信(队列和管道)
    在python程序中的进程操作
    操作系统之进程
    网络编程之黏包
    树莓派 websocket 控制LED
    lua 调用 C -- 实例 C函数作为应用程序的一部分
    linux 环境下进程什么时候会被 killed掉
    STM32 + cJSON 死机问题解决
  • 原文地址:https://www.cnblogs.com/longren/p/10962679.html
Copyright © 2020-2023  润新知