Today we are going to look at an important configuration directive, proxy_set_header, which is essential when building a multi-domain reverse proxy.
```nginx
location / {
    proxy_pass http://firstSwitch;
    proxy_set_header host $host;    # the line in question
}
```
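The setting proxy_set_header host $host; forwards the domain name of the current request to the next-level (proxied) request. A description in words alone does not make this clear, so let's compare the behavior with and without the directive.
- Resolve the domain names locally: 10.0.0.31 www.daydayup.com bbs.daydayup.com
- The configuration file of web01 (10.0.0.32) is as follows: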
```nginx
worker_processes 1;
error_log logs/error.log error;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    log_format main '$remote_addr - $remote_user "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    server {
        listen 80;
        server_name www.daydayup.com;
        location / {
            root html/www;
            index index.html index.htm;
        }
    }
    server {
        listen 80;
        server_name bbs.daydayup.com;
        location / {
            root html/bbs;
            index index.html index.htm;
        }
    }
}
```
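- The configuration file on 10.0.0.31 is as follows (listen on the external address; if you are working in a virtual machine, listen on VMnet8):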
```
[root@NFS nginx]# vim conf/nginx.conf
worker_processes 1;
error_log logs/error.log error;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    log_format main '$remote_addr - $remote_user "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    upstream firstSwitch {
        server 10.0.0.32:80;
    }
    server {
        listen 80;
        server_name www.daydayup.com;
        location / {
            proxy_pass http://firstSwitch;
        }
    }
    server {
        listen 80;
        server_name bbs.daydayup.com;
        location / {
            proxy_pass http://firstSwitch;
        }
    }
}
```
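- Start nginx and test.
Here we can see that whether we visit www.daydayup.com or bbs.daydayup.com, what is finally displayed is always 10.0.0.31 www.daydayup.com, so our requests always end up in the www folder on web01 (10.0.0.32). Why is that? Capturing the HTTP traffic with Wireshark shows that once the request from 10.0.0.31 reaches 10.0.0.32, the Host of the request has changed to firstSwitch (the name we defined in the upstream block of the Nginx configuration). By default nginx sets the Host header of the proxied request to $proxy_host, the name given in proxy_pass, so what the backend sees is masked by firstSwitch. Once the request reaches the second-tier server, nginx cannot find a matching domain name and falls back to the first configured server, www.daydayup.com.
- Add the directive proxy_set_header host $host;
Now the content we want is displayed. Looking at the Wireshark capture again, the Host carried by the request forwarded from 10.0.0.31 to 10.0.0.32 is still our bbs.daydayup.com.
Now the purpose of proxy_set_header should be clear.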
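The silent fallback to the first server can be made visible on web01 with an explicit catch-all server. This is an added example, not part of the original configuration; the vhost log format, the unmatched_host.log file name and the choice of return 444 are assumptions.

```nginx
# web01 (10.0.0.32): goes inside the existing http { } block.
# Added example. Log the raw Host header so a request that arrives with
# "Host: firstSwitch" (proxy not forwarding Host) is easy to spot.
log_format vhost '$remote_addr "$http_host" "$request" $status';

# Explicit catch-all. Without it, nginx serves any unmatched Host from the
# first server defined for the listen socket, which here is www.daydayup.com.
server {
    listen 80 default_server;
    server_name _;                            # placeholder, matches no real name
    access_log logs/unmatched_host.log vhost; # assumed file name
    return 444;                               # nginx-specific: close without a response
}

server {
    listen 80;
    server_name www.daydayup.com;
    location / {
        root html/www;
        index index.html index.htm;
    }
}

server {
    listen 80;
    server_name bbs.daydayup.com;
    location / {
        root html/bbs;
        index index.html index.htm;
    }
}
```

With this in place, a proxy that lacks proxy_set_header host $host; produces closed connections and entries in unmatched_host.log instead of quietly serving the www site for every domain.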
Besides this, proxy_set_header can also be used to trace the host that made the request. Let's first look at logs/access.log on web01 (10.0.0.32):
```
[root@web01 nginx]# cat logs/access.log
10.0.0.31 - - [14/Dec/2019:00:02:18 +0800] "GET /favicon.ico HTTP/1.0" 404 571 "http://www.daydayup.com/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 UBrowser/6.2.4098.3 Safari/537.36" "-"
10.0.0.31 - - [14/Dec/2019:00:02:21 +0800] "GET / HTTP/1.0" 200 27 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 UBrowser/6.2.4098.3 Safari/537.36" "-"
10.0.0.31 - - [14/Dec/2019:00:02:21 +0800] "GET /favicon.ico HTTP/1.0" 404 571 "http://bbs.daydayup.com/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 UBrowser/6.2.4098.3 Safari/537.36" "-"
10.0.0.31 - - [14/Dec/2019:00:02:51 +0800] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 UBrowser/6.2.4098.3 Safari/537.36" "-"
10.0.0.31 - - [20/Dec/2019:19:36:01 +0800] "GET / HTTP/1.0" 200 27 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "-"
10.0.0.31 - - [20/Dec/2019:19:36:01 +0800] "GET /favicon.ico HTTP/1.0" 404 571 "http://10.0.0.31/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "-"
```
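We can see that the source address of every request is host 10.0.0.31 (the reverse proxy server). This means we do not know which original IP a request came from, so we cannot do IP blocking, analysis, blacklisting and similar operations.
In this case proxy_set_header can be configured as follows: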
```
[root@NFS nginx]# vim conf/nginx.conf
...
    upstream firstSwitch {
        server 10.0.0.32:80;
    }
    server {
        listen 80;
        server_name www.daydayup.com;
        location / {
            proxy_pass http://firstSwitch;
            proxy_set_header host $host; ##
            proxy_set_header X-Forwarded-For $remote_addr; ## this line
        }
    }
    server {
        listen 80;
        server_name bbs.daydayup.com;
        location / {
            proxy_pass http://firstSwitch;
            proxy_set_header host $host; ##
            proxy_set_header X-Forwarded-For $remote_addr; ## this line
        }
    }
}
```
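Then restart Nginx, visit the site again from the browser, and check the log. An IP now appears at the end of every log line; this IP is the source IP of the request.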
```
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET / HTTP/1.0" 200 27 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET /favicon.ico HTTP/1.0" 404 571 "http://10.0.0.31/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET / HTTP/1.0" 200 27 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET /favicon.ico HTTP/1.0" 404 571 "http://10.0.0.31/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET / HTTP/1.0" 200 27 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET /favicon.ico HTTP/1.0" 404 571 "http://10.0.0.31/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET / HTTP/1.0" 200 27 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
10.0.0.31 - - [20/Dec/2019:20:02:56 +0800] "GET /favicon.ico HTTP/1.0" 404 571 "http://10.0.0.31/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "10.0.0.1"
```
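proxy_set_header X-Forwarded-For $remote_addr;
This lets the web server's log record the real user IP when users access the site through the reverse proxy.
Wireshark capture: when the reverse proxy forwards the request to web01 (10.0.0.32), it also carries the 10.0.0.1 information.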
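For the IP blocking and blacklisting mentioned above, web01 has to act on the forwarded address, not only log it. The following is an added example, not part of the original configuration: it assumes nginx on web01 is built with --with-http_realip_module, and the real log format name and the denied address are constructed for illustration.

```nginx
# web01 (10.0.0.32): goes inside the existing http { } block.
# Added example. Assumes nginx was built with --with-http_realip_module.

# Accept X-Forwarded-For only when the TCP peer is the reverse proxy.
# A request sent straight to web01 from any other address keeps its own
# peer address, whatever X-Forwarded-For value it claims.
set_real_ip_from 10.0.0.31;
real_ip_header   X-Forwarded-For;

# $remote_addr is now the client (e.g. 10.0.0.1); $realip_remote_addr
# (nginx 1.9.7 or later) still records the proxy, 10.0.0.31.
log_format real '$remote_addr via $realip_remote_addr - $remote_user '
                '"$request" $status $body_bytes_sent '
                '"$http_referer" "$http_user_agent"';
access_log logs/access.log real;

server {
    listen 80;
    server_name bbs.daydayup.com;

    location / {
        # The blacklist is evaluated against the real client address.
        deny  192.0.2.10;     # constructed example address (TEST-NET-1)
        allow all;
        root  html/bbs;
        index index.html index.htm;
    }
}
```

Because the proxy sets the header to $remote_addr, it overwrites any X-Forwarded-For value supplied by the client, so web01 receives exactly one address that the proxy itself observed; $proxy_add_x_forwarded_for would instead append to whatever the client sent.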
Last modified on 2019-12-16 17:03:59

