Today we will cover an important directive, proxy_set_header, which is essential when building a multi-domain reverse proxy.

        location / {
            proxy_pass http://firstSwitch;
            proxy_set_header host $host;           # this line
        }

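proxy_set_header host $host; forwards the domain name of the current request to the downstream (proxied) request. A description in words alone does not explain much, so let's compare the behaviour with and without this setting.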

  • Resolve the domains locally: 10.0.0.31 www.daydayup.com bbs.daydayup.com

     
  • The configuration file on web01 (10.0.0.32) is as follows:
    worker_processes  1;
    error_log       logs/error.log error;
    
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
    
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    
        access_log  logs/access.log  main;
    
        server {
            listen       80;
            server_name  www.daydayup.com;
    
            location / {
                root   html/www;
                index  index.html index.htm;
            }
        }
    
        server {
            listen       80;
            server_name  bbs.daydayup.com;
    
            location / {
                root   html/bbs;
                index  index.html index.htm;
            }
        }
    
    }

     
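  • The configuration file on 10.0.0.31 is as follows (listen on the external address; if you are working in a virtual machine, listen on VMnet8):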
    [root@NFS nginx]# vim conf/nginx.conf
    
    worker_processes  1;
    error_log       logs/error.log error;
    
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
    
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    
        access_log  logs/access.log  main;
    
        upstream firstSwitch {
            server 10.0.0.32:80;
        }
        server {
            listen       80;
            server_name  www.daydayup.com;
            location / {
                proxy_pass http://firstSwitch;
            }
        }
        server {
            listen       80;
            server_name  bbs.daydayup.com;
            location / {
                proxy_pass http://firstSwitch;
            }
        }
    
    }

     
  • Start nginx and test.



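    Here we can see that whether we visit www.daydayup.com or bbs.daydayup.com, the page finally displayed is always 10.0.0.31 www.daydayup.com, so our requests always end up in the www directory on web01 (10.0.0.32). Why is that? Capturing the HTTP traffic with Wireshark, we find that once the request from 10.0.0.31 reaches 10.0.0.32, the request host has changed to firstSwitch (the name we defined in the upstream block of the Nginx configuration). In other words, the backend is masked by firstSwitch. Once the request reaches the second-tier server, nginx cannot find a matching domain name, so it falls back to the first server block, www.daydayup.com.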

     
  • Add the configuration proxy_set_header host $host;


    Now the content we want is displayed. Looking at the Wireshark capture again, the request forwarded from 10.0.0.31 to 10.0.0.32 still carries our host, bbs.daydayup.com.


     

Now you know what the proxy_set_header directive does.
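A configuration check for the problem shown above, as an added example that is not part of the original article: it scans nginx configuration text for proxy_pass blocks whose effective proxy_set_header list does not set Host. It goes one step beyond the article by applying nginx's inheritance rule, under which a level that defines any proxy_set_header of its own no longer inherits those of the outer level. The function name and the sample configuration are constructed for illustration.

```python
import re

def proxied_locations_missing_host(conf_text):
    """Return (server_names, location, proxy_pass) for each block that uses
    proxy_pass but whose effective proxy_set_header list does not set Host."""
    text = re.sub(r"#.*", "", conf_text)  # simplification: no '#' inside quotes
    stack, findings, pending = [], [], []
    for tok in re.findall(r"[^{};]+|[{};]", text):
        if tok == "{":
            stack.append({"head": pending, "headers": [], "pass": None, "names": []})
        elif tok == ";" and stack and pending:
            cur, name, args = stack[-1], pending[0], pending[1:]
            if name == "proxy_set_header" and args:
                cur["headers"].append(args[0].lower())  # header names: case-insensitive
            elif name == "proxy_pass" and args:
                cur["pass"] = args[0]
            elif name == "server_name":
                cur["names"] = args
        elif tok == "}" and stack:
            block = stack.pop()
            # nginx inherits proxy_set_header from the outer level only when
            # the current level defines none of its own.
            levels = [block] + stack[::-1]
            effective = next((b["headers"] for b in levels if b["headers"]), [])
            if block["pass"] and "host" not in effective:
                srv = next((b for b in stack[::-1] if b["head"] == ["server"]), {})
                findings.append((" ".join(srv.get("names", [])),
                                 " ".join(block["head"][1:]), block["pass"]))
        pending = [] if tok in ("{", "}", ";") else tok.split()
    return findings

# Constructed sample modelled on the article's 10.0.0.31 proxy configuration.
SAMPLE_CONF = """
http {
    proxy_set_header Host $host;                  # http-level default
    upstream firstSwitch { server 10.0.0.32:80; }
    server {
        server_name www.daydayup.com;
        location / { proxy_pass http://firstSwitch; }          # inherits Host
    }
    server {
        server_name bbs.daydayup.com;
        location / {
            proxy_pass http://firstSwitch;
            proxy_set_header X-Forwarded-For $remote_addr;    # cancels inheritance
        }
    }
}
"""
```

Calling proxied_locations_missing_host(SAMPLE_CONF) reports only the bbs.daydayup.com location, which would reach web01 with the host firstSwitch.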

 

Besides this, proxy_set_header can also be used to trace the requesting host. First, let's look at logs/access.log on web01 (10.0.0.32):

[root@web01 nginx]# cat logs/access.log
10.0.0.31 - - [14/Dec/2019:00:02:18 +0800] "GET /favicon.ico HTTP/1.0" 404 571 "http://www.daydayup.com/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 UBrowser/6.2.4098.3 Safari/537.36" "-"
10.0.0.31 - - [14/Dec/2019:00:02:21 +0800] "GET / HTTP/1.0" 200 27 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 UBrowser/6.2.4098.3 Safari/537.36" "-"
10.0.0.31 - - [14/Dec/2019:00:02:21 +0800] "GET /favicon.ico HTTP/1.0" 404 571 "http://bbs.daydayup.com/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 UBrowser/6.2.4098.3 Safari/537.36" "-"
10.0.0.31 - - [14/Dec/2019:00:02:51 +0800] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 UBrowser/6.2.4098.3 Safari/537.36" "-"
10.0.0.31 - - [20/Dec/2019:19:36:01 +0800] "GET / HTTP/1.0" 200 27 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "-"
10.0.0.31 - - [20/Dec/2019:19:36:01 +0800] "GET /favicon.ico HTTP/1.0" 404 571 "http://10.0.0.31/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "-"

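As you can see, the source address of every request is host 10.0.0.31 (the reverse proxy server). This means we do not know which original IP a request came from, so we cannot do IP blocking, analysis, blacklisting and similar operations.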

This can be solved by configuring proxy_set_header as follows:

[root@NFS nginx]# vim conf/nginx.conf

       .
       .
       .

    upstream firstSwitch {
        server 10.0.0.32:80;
    }
    server {
        listen       80;
        server_name  www.daydayup.com;
        location / {
            proxy_pass http://firstSwitch;
            proxy_set_header host $host;                          ##
            proxy_set_header X-Forwarded-For $remote_addr;        ## this line
        }
    }
    server {
        listen       80;
        server_name  bbs.daydayup.com;
        location / {
            proxy_pass http://firstSwitch;
            proxy_set_header host $host;                          ##
            proxy_set_header X-Forwarded-For $remote_addr;        ## this line
        }
    }

}

Then restart Nginx, visit the site in a browser again and check the log. An IP now appears at the end of every log line; that IP is the source IP of the request.

10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET / HTTP/1.0" 200 27 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET /favicon.ico HTTP/1.0" 404 571 "http://10.0.0.31/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET / HTTP/1.0" 200 27 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET /favicon.ico HTTP/1.0" 404 571 "http://10.0.0.31/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET / HTTP/1.0" 200 27 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET /favicon.ico HTTP/1.0" 404 571 "http://10.0.0.31/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET / HTTP/1.0" 200 27 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET /favicon.ico HTTP/1.0" 404 571 "http://10.0.0.31/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"

proxy_set_header X-Forwarded-For $remote_addr;
makes the web server's log record the real user IP when users access the site through the reverse proxy.

Capturing with Wireshark: when the reverse proxy forwards the request to web01 (10.0.0.32), it also carries the 10.0.0.1 information along.
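For the IP blocking and analysis mentioned above, the last log field should only be believed when the connection really came from the reverse proxy, because a client that reaches web01 directly can send any X-Forwarded-For value it likes. The following added example (not from the original article) attributes each line of the article's "main" log format to a client address under that rule; the trusted-proxy set, the function names and the sample lines are constructed assumptions, and it also handles a comma-separated chain, which the article's configuration does not produce.

```python
import ipaddress
import re
from collections import Counter

# Assumption: only the article's reverse proxy (10.0.0.31) may supply X-Forwarded-For.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.31")}

# The article's "main" log_format; only the first and last fields are captured.
LINE_RE = re.compile(
    r'(?P<peer>\S+) - \S+ \[[^\]]+\] "[^"]*" \d{3} \d+ '
    r'"[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)

def client_ip(line):
    """Return the address to attribute one log line to, or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        peer = ipaddress.ip_address(m["peer"])
    except ValueError:
        return None
    if peer not in TRUSTED_PROXIES:
        return peer   # direct hit on web01: the header is client-controlled, ignore it
    # Walk the chain right to left, skipping hops we operate ourselves.
    for hop in reversed(m["xff"].split(",")):
        try:
            addr = ipaddress.ip_address(hop.strip())
        except ValueError:
            break     # "-" or junk: nothing trustworthy beyond the proxy
        if addr not in TRUSTED_PROXIES:
            return addr
    return peer

def requests_per_client(lines):
    """Count parsable log lines per attributed client address."""
    return Counter(str(ip) for ip in map(client_ip, lines) if ip is not None)

# Constructed sample lines in the article's log format (user agent shortened).
SAMPLE_LOG = [
    '10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET / HTTP/1.0" 200 27 "-" "UA" "10.0.0.1"',
    '10.0.0.31 - - [20/Dec/2019:20:02:57 +0800] "GET / HTTP/1.0" 200 27 "-" "UA" "203.0.113.7, 10.0.0.1"',
    '10.0.0.31 - - [14/Dec/2019:00:02:21 +0800] "GET / HTTP/1.0" 200 27 "-" "UA" "-"',
    '10.0.0.50 - - [20/Dec/2019:20:03:01 +0800] "GET / HTTP/1.1" 200 27 "-" "UA" "198.51.100.9"',
]
```

Because the article's proxy sets the header to $remote_addr instead of appending to whatever the client sent, the value web01 logs for proxied requests is always the address the proxy itself saw.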

Last modified 2019-12-16 17:03:59