实现反向代理客户端IP透传

发布时间 2023-10-07 15:23:15作者: 小糊涂90

 

#1)一级代理实现客户端IP透传
#目标:实现客户端通过一个反向代理nginx服务器访问到web服务器,在web、nginx服务器日志记录有客户端ip地址。
环境准备:
client:10.0.0.160/24
proxy(nginx):10.0.0.150/24
web(apache):10.0.0.152/24

#nginx配置
[root@nginx ~]#vim /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name www.tanliang.com;
location / {
index index.html index.php;
root /data/nginx/html/pc;
proxy_pass http://10.0.0.152;
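#proxy_set_header X-Real-IP $remote_addr;                   #只添加客户端IP到请求报文头部,转发至后端服务器
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #添加客户端IP和反向代理服务器IP到请求报文头部(即把$remote_addr追加到请求已带的X-Forwarded-For之后;多级代理时,后一级追加的是前一级代理的IP)
#注意:X-Forwarded-For可由客户端自行填写,$proxy_add_x_forwarded_for会保留客户端发来的内容,因此最左侧的值不可直接当作真实客户端IP;直接面向客户端的代理如需覆盖,可写成 proxy_set_header X-Forwarded-For $remote_addr;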
}
}
[root@nginx ~]#systemctl restart nginx

#apache配置

[root@web ~]# vim /etc/httpd/conf/httpd.conf
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

[root@web ~]# echo web > /var/www/html/index.html
[root@web ~]#systemctl restart httpd

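#客户端配置(注意:要让请求经过代理,www.tanliang.com应解析到代理10.0.0.150;下面这条解析到10.0.0.152会直接访问apache,而后面apache日志第一行的%h为10.0.0.150,说明该次请求是经代理转发的)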
[root@client ~]#echo 10.0.0.152 www.tanliang.com >> /etc/hosts
[root@client ~]#curl www.tanliang.com
web

#nginx配置
[root@nginx ~]#cat /apps/nginx/conf/nginx.conf|grep x_forwarded
# '"$http_user_agent" "$http_x_forwarded_for"';#默认有此配置

[root@nginx ~]#echo 10.0.0.152 www.tanliang.com >> /etc/hosts
[root@nginx ~]#curl www.tanliang.com
web

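#在apache服务器查看日志,验证。
#第一行:客户端经代理访问,X-Forwarded-For为10.0.0.160,%h为代理10.0.0.150;第二行:在nginx主机上直接curl后端,请求没有X-Forwarded-For头,所以该字段显示为 -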
[root@web ~]# cat /var/log/httpd/access_log
10.0.0.160 10.0.0.150 - - [29/Nov/2021:10:35:20 +0800] "GET / HTTP/1.0" 200 4 "-" "curl/7.61.1"
- 10.0.0.150 - - [29/Nov/2021:10:38:35 +0800] "GET / HTTP/1.1" 200 4 "-" "curl/7.61.1"


#2)多级代理实现客户端 IP 透传
client:10.0.0.160
nginx1:10.0.0.150
nginx2:10.0.0.170
apache:10.0.0.152
#第一个代理服务器
[root@nginx1 ~]#echo 10.0.0.170 www.tanliang2.com >> /etc/hosts
[root@nginx1 ~]#vim /apps/nginx/conf/nginx.conf
#开启日志格式,记录x_forwarded_for
http {
  include       mime.types;
  default_type application/octet-stream;
  proxy_cache_path /data/nginx/proxycache   levels=1:1:1
keys_zone=proxycache:20m inactive=120s  max_size=1g;
  log_format main  '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';
  access_log logs/access.log main;
#定义反向代理
[root@nginx ~]#cat /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name www.tanliang.com;
location / {
proxy_pass http://www.tanliang2.com;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

}

#第二个代理服务器
[root@nginx2 ~]#vim /apps/nginx/conf/nginx.conf
#开启日志格式,记录x_forwarded_for
http {
  include       mime.types;
  default_type application/octet-stream;
  proxy_cache_path /data/nginx/proxycache   levels=1:1:1
keys_zone=proxycache:20m inactive=120s  max_size=1g;
  log_format main  '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';
  access_log logs/access.log main;
#定义反向代理
[root@nginx2 ~]# cat /etc/nginx/conf.d/pc.conf
server {
listen 80;
server_name www.tanliang2.com;
location / {
proxy_pass http://10.0.0.152;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
root /data/html/index.html;
}
}

#在client访问测试
[root@client ~]#curl www.tanliang.com
web
hello


#在第一个proxy上面查看日志
[root@nginx1 ~]#tail /apps/nginx/logs/access.log -f
10.0.0.160 - - [29/Nov/2021:13:32:54 +0800] "GET / HTTP/1.1" 200 10 "-" "curl/7.61.1" "-"

#在第二个proxy上面查看日志
[root@nginx2 ~]#tail -f /var/log/nginx/access.log
10.0.0.150 - - [29/Nov/2021:13:32:54 +0800] "GET / HTTP/1.0" 200 10 "-" "curl/7.61.1" "10.0.0.160"

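#在apache上面查看日志(X-Forwarded-For按经过顺序由各级代理依次追加:10.0.0.160由nginx1追加,10.0.0.150由nginx2追加)
#注意:只有由已知代理(10.0.0.150、10.0.0.170)追加的条目可信,更靠左的内容可能来自客户端自带的请求头;后端若要据此还原客户端IP,应只接受来自这些代理的请求头,例如Apache的mod_remoteip(RemoteIPHeader、RemoteIPInternalProxy)或nginx的realip模块(set_real_ip_from、real_ip_header、real_ip_recursive)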
[root@web ~]# tail -f /etc/httpd/logs/access_log
"10.0.0.160, 10.0.0.150" 10.0.0.170 - - [29/Nov/2021:13:32:54 +0800] "GET / HTTP/1.0" 200 10 "-" "curl/7.61.1"