nginx proxy模块

时间:2023-03-09 05:52:22
nginx proxy模块

环境:

  user:192.168.100.169

  nginx代理:192.168.100.175

  tomcat:192.168.100.175

  域名:www.vijay.com  --->192.168.100.175

1.nginx配置

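    # Reverse proxy for www.vijay.com: forwards every request to the Tomcat
    # instance at 192.168.100.175:8080 and exposes stub_status under /status.
    # nginx comments start with '#'; the '//' annotations of the original
    # listing are not comment syntax and would be parsed as directive arguments.
    server {
        # NOTE(review): the port number was lost from the original listing;
        # 80 is assumed here. Confirm before use.
        listen 80;
        server_name www.vijay.com;

        location / {
            proxy_pass http://192.168.100.175:8080/;
            proxy_redirect off;

            # Headers handed to the backend. The original listing repeated
            # proxy_redirect and these three proxy_set_header lines; each
            # appears once here.
            proxy_set_header Host $host;
            # $remote_addr is the address of the peer connected to this nginx,
            # so any X-Real-IP value sent by the client is overwritten.
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For the client sent: only the last entry is written
            # by this proxy, everything before it is client-controlled.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Copies the client's User-Agent into a custom header so the
            # backend can tell iOS, Android, Windows and Mac clients apart.
            proxy_set_header http_user_agent $http_user_agent;

            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;

            # On these failures, pass the request to the next upstream server.
            proxy_next_upstream http_502 http_504 http_503 error timeout invalid_header;
        }

        location /status {
            stub_status on;
            # `access_log on;` was dropped: `on` is not a switch for this
            # directive, nginx takes it as a log file name. Logging is
            # inherited from the enclosing level.
            #
            # Connection counters should not be readable by every client:
            # allow only local access and the test client listed in the
            # environment section (adjust to the monitoring host in use).
            allow 127.0.0.1;
            allow 192.168.100.169;
            deny all;
        }
    }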
proxy_pass http://192.168.10.10;  //用于指定反向代理的服务器池
proxy_set_header Host $host; //当后端web服务器也配置了多个虚拟主机时,需要用该header来区分反向代理哪个主机名
proxy_set_header X-Forwarded-For $remote_addr; //如果后端web服务器上的程序需要获取用户ip,可以从该header头获取(该值只有在后端仅能通过本代理访问时才可信,否则客户端可以自行伪造此header)
proxy_set_header http_user_agent $http_user_agent;    //判断访问端是苹果,安卓,win还是mac
proxy_body_buffer_size //用于指定客户端请求主体缓冲区大小,可以理解为先保存到本地再传给用户(注:nginx中设置客户端请求主体缓冲区的指令名为client_body_buffer_size)
proxy_connect_timeout //表示与后端服务器连接的超时时间,即发起握手等候响应的超时时间
proxy_send_timeout //表示后端服务器的数据回传时间,即在规定的时间内后端服务器必须传完所有的数据,否则,nginx将断开这个连接
proxy_read_timeout //设置nginx从代理的后端服务器获取信息的时间,表示连接建立成功之后,nginx等待后端服务器的响应时间,其实nginx已经进入后端的排队之中等候处理
proxy_buffer_size //设置缓冲区大小,默认情况下,该缓冲区大小等于指令proxy_buffers设置的大小
proxy_buffers //设置缓冲区的数量和大小。nginx从代理的后端服务器获取的响应信息,会保存到缓冲区
proxy_busy_buffers_size //用于设置系统忙碌时可以使用的proxy_buffers大小,官方推荐为proxy_buffers*2
proxy_temp_file_write_size //指定proxy缓存临时文件的大小
proxy_next_upstream http_502 http_504 http_503 error timeout invalid_header;  //请求出错后,转向下一个节点

2.web服务器端日志配置(如tomcat)

        <!-- Access log for requests that reach Tomcat through the nginx proxy.
             %h is the connecting peer (the proxy address in the sample log below);
             the %{...}i fields are request headers written out as received:
             X-Forwarded-For, X-Real-IP, Host and http_user_agent.
             NOTE(review): these header values are only as trustworthy as the proxy
             that sets them; confirm that clients cannot reach Tomcat's port directly. -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %{X-Forwarded-For}i %{X-Real-IP}i %{Host}i %{http_user_agent}i %l %u %t &quot;%r&quot; %s %b" />
3.log日志:
192.168.100.175  192.168.100.169 192.168.100.169  www.vijay.com  - - [/May/::: +] "GET /bg-upper.png HTTP/1.0"  -
192.168.100.175 192.168.100.169 192.168.100.169 www.vijay.com - - [/May/::: +] "GET /bg-nav.png HTTP/1.0" -
192.168.100.175 192.168.100.169 192.168.100.169 www.vijay.com - - [/May/::: +] "GET /asf-logo.png HTTP/1.0" -
192.168.100.175 192.168.100.169 192.168.100.169 www.vijay.com - - [/May/::: +] "GET /bg-button.png HTTP/1.0" -
192.168.100.175 192.168.100.169 192.168.100.169 www.vijay.com - - [/May/::: +] "GET /tomcat.png HTTP/1.0" -
192.168.100.175 192.168.100.169 192.168.100.169 www.vijay.com - - [/May/::: +] "GET /bg-middle.png HTTP/1.0" -
192.168.100.175  192.168.100.21 192.168.100.21  192.168.100.175 Mozilla/5.0 (iPhone; CPU iPhone OS 9_2_1 like Mac OS X) AppleWebKit/601.1. (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1  - - [/May/::: +] "GET /bg-button.png HTTP/1.0"  -
192.168.100.175 192.168.100.21 192.168.100.21 192.168.100.175 Mozilla/5.0 (iPhone; CPU iPhone OS 9_2_1 like Mac OS X) AppleWebKit/601.1. (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1 - - [/May/::: +] "GET /bg-middle.png HTTP/1.0" -
192.168.100.175 192.168.100.21 192.168.100.21 192.168.100.175 Mozilla/5.0 (iPhone; CPU iPhone OS 9_2_1 like Mac OS X) AppleWebKit/601.1. (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1 - - [/May/::: +] "GET /asf-logo.png HTTP/1.0" -
192.168.100.175 192.168.100.21 192.168.100.21 192.168.100.175 Mozilla/5.0 (iPhone; CPU iPhone OS 9_2_1 like Mac OS X) AppleWebKit/601.1. (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1 - - [/May/::: +] "GET /bg-upper.png HTTP/1.0" - 192.168.100.175 192.168.100.108 192.168.100.108 192.168.100.175 Mozilla/5.0 (Linux; U; Android 4.2.; zh-cn; HUAWEI G750-T00 Build/HuaweiG750-T00) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 - - [/May/::: +] "GET / HTTP/1.0"
192.168.100.175 192.168.100.108 192.168.100.108 192.168.100.175 Mozilla/5.0 (Linux; U; Android 4.2.; zh-cn; HUAWEI G750-T00 Build/HuaweiG750-T00) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 - - [/May/::: +] "GET /tomcat.css HTTP/1.0"
192.168.100.175 192.168.100.108 192.168.100.108 192.168.100.175 Mozilla/5.0 (Linux; U; Android 4.2.; zh-cn; HUAWEI G750-T00 Build/HuaweiG750-T00) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 - - [/May/::: +] "GET /tomcat.png HTTP/1.0" 5103

192.168.100.175 192.168.100.169 192.168.100.169 192.168.100.175 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) - - [12/May/2016:19:25:28 +0800] "GET /bg-button.png HTTP/1.0" 304 -
192.168.100.175 192.168.100.169 192.168.100.169 192.168.100.175 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) - - [12/May/2016:19:25:28 +0800] "GET /asf-logo.png HTTP/1.0" 304 -
192.168.100.175 192.168.100.169 192.168.100.169 192.168.100.175 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) - - [12/May/2016:19:25:28 +0800] "GET /bg-middle.png HTTP/1.0" 304 -
192.168.100.175 192.168.100.165 192.168.100.165 192.168.100.175 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56 - - [12/May/2016:19:27:51 +0800] "GET / HTTP/1.0" 200 11230
192.168.100.175 192.168.100.165 192.168.100.165 192.168.100.175 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56 - - [12/May/2016:19:27:51 +0800] "GET /tomcat.css HTTP/1.0" 200 5576
192.168.100.175 192.168.100.165 192.168.100.165 192.168.100.175 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56 - - [12/May/2016:19:27:51 +0800] "GET /tomcat.png HTTP/1.0" 200 5103
192.168.100.175 192.168.100.165 192.168.100.165 192.168.100.175 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56 - - [12/May/2016:19:27:51 +0800] "GET /bg-nav.png HTTP/1.0" 200 1401

%h :192.168.100.175
%{X-Forwarded-For}i:192.168.100.169
%{X-Real-IP}i:192.168.100.169
%{Host}i:www.vijay.com
%{http_user_agent}i:Mozilla/5.0 (iPhone; CPU iPhone OS 9_2_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1 
                     Mozilla/5.0 (Linux; U; Android 4.2.2; zh-cn; HUAWEI G750-T00 Build/HuaweiG750-T00) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 

备注:

X-Forwarded-For 和 X-Real-IP 的区别及如何获取客户端的ip?
一般来说,X-Forwarded-For是用于记录代理信息的,每经过一级代理(匿名代理除外),代理服务器都会把这次请求的来源IP追加在X-Forwarded-For中。例如来自4.4.4.4的一个请求,header包含这样一行 X-Forwarded-For: 1.1.1.1, 2.2.2.2, 3.3.3.3,代表请求由1.1.1.1发出,经过三层代理,第一层是2.2.2.2,第二层是3.3.3.3,而本次请求的来源IP 4.4.4.4是第三层代理。需要注意,这个header由客户端和各级代理自行填写,客户端可以伪造其中的值,只有自己控制的代理追加的那一段才可信。
而X-Real-IP,一般只记录真实发出请求的客户端IP,上面的例子,如果配置了X-Real-IP,将会是 X-Real-IP: 1.1.1.1。所以,如果只有一层代理,这两个头的值就是一样的。按上文配置,X-Real-IP取自$remote_addr,即与该代理直接建立连接的对端地址,因此应由最外层代理设置。