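When a server sits behind a reverse proxy, it does not know the real IP of the client that is connecting. The goal of this experiment is to obtain the real client IP.
This experiment needs three virtual machines:
VM name | IP | Role |
---|---|---|
server1 | 172.25.63.1 | nginx server |
server2 | 172.25.63.2 | proxy for server1 |
server3 | 172.25.63.3 | client |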
1. Install nginx on server1 and server2
Note: the nginx installed on server1 must be built with the realip module (--with-http_realip_module).
2. Configure the reverse proxy server
On server2:
[root@server2 conf]# vim nginx.conf
Make the following changes:
http {
    include       mime.types;
    default_type  application/octet-stream;
    upstream westos {
        server 172.25.63.1:80;
    }
......
    server {
        listen       80;
        server_name  www.westos.org;

        location / {
            proxy_pass http://westos;
        }
    }
Check the nginx configuration file and start nginx:
[root@server2 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server2 conf]# nginx
server2 now proxies for server1. Add a hosts entry on server3 and test:
[root@server3 ~]# cat /etc/hosts
172.25.63.2 server2 www.westos.org
[root@server3 ~]# curl www.westos.org
server1 # proxying works
[root@server3 ~]# curl www.westos.org
server1
[root@server3 ~]# curl www.westos.org
server1
Now look at the log on the nginx server (server1):
[root@server1 ~]# cat /usr/local/nginx/logs/access.log
......
172.25.63.2 - - [27/Feb/2020:04:03:19 +0800] "GET / HTTP/1.0" 200 8 "-" "curl/7.29.0"
172.25.63.2 - - [27/Feb/2020:04:03:21 +0800] "GET / HTTP/1.0" 200 8 "-" "curl/7.29.0"
172.25.63.2 - - [27/Feb/2020:04:03:22 +0800] "GET / HTTP/1.0" 200 8 "-" "curl/7.29.0"
172.25.63.2 - - [27/Feb/2020:04:03:22 +0800] "GET / HTTP/1.0" 200 8 "-" "curl/7.29.0"
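As the log shows, the nginx server only sees the proxy server's IP address, not the client's. To learn the client's IP address, configure the nginx server as follows:
3. Configure the nginx server
On server1: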
[root@server1 conf]# vim nginx.conf
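    server {
        listen       80;
        server_name  localhost;

        set_real_ip_from 172.25.63.2;     # IP of the reverse proxy server (the only trusted sender)
        real_ip_header X-Forwarded-For;   # take the client address from the X-Forwarded-For header
        real_ip_recursive on;             # skip trusted proxy addresses, use the last non-trusted one
        #charset koi8-r;
Reload nginx: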
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
4. Configure the reverse proxy server
[root@server2 conf]# vim nginx.conf
    server {
        listen       80;
        server_name  www.westos.org;

        location / {
            # append the connecting client's address ($remote_addr) to X-Forwarded-For
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://westos;
        }
    }
Reload nginx:
[root@server2 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server2 conf]# nginx -s reload
5. Test
Now on the client (server3):
[root@server3 ~]# curl www.westos.org
server1
[root@server3 ~]# curl www.westos.org
server1
[root@server3 ~]# curl www.westos.org
server1
Check the log on server1 (the nginx server):
[root@server1 conf]# cat /usr/local/nginx/logs/access.log
......
172.25.63.3 - - [27/Feb/2020:04:32:05 +0800] "GET / HTTP/1.0" 200 8 "-" "curl/7.29.0"
172.25.63.3 - - [27/Feb/2020:04:32:06 +0800] "GET / HTTP/1.0" 200 8 "-" "curl/7.29.0"
172.25.63.3 - - [27/Feb/2020:04:32:07 +0800] "GET / HTTP/1.0" 200 8 "-" "curl/7.29.0"
The log shows that the nginx server now knows the real IP of the client (server3).
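
The effect of steps 3 and 4, as an added example that is not part of the original article and not nginx's own code: a simplified Python model of how $proxy_add_x_forwarded_for builds the header on server2 and how set_real_ip_from / real_ip_recursive choose the logged address on server1. The function names, the forged header value 203.0.113.9 and the 172.25.63.0/24 trust range are assumptions made for the illustration.

```python
import ipaddress

def proxy_add_x_forwarded_for(incoming_xff, remote_addr):
    """Value of $proxy_add_x_forwarded_for: incoming header plus the peer address."""
    return f"{incoming_xff}, {remote_addr}" if incoming_xff else remote_addr

def _trusted(addr, trusted_nets):
    # True if addr parses as an IP and falls inside a set_real_ip_from entry.
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in ipaddress.ip_network(n) for n in trusted_nets)

def real_ip(peer, xff, trusted_nets, recursive=True):
    """Address the backend logs as $remote_addr after realip processing (model)."""
    if not xff or not _trusted(peer, trusted_nets):
        return peer                      # header is ignored for untrusted peers
    addr = peer
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break                        # unparseable entry: keep what we have
        addr = hop
        if not recursive or not _trusted(addr, trusted_nets):
            break                        # stop at the first non-trusted address
    return addr

PROXY, CLIENT = "172.25.63.2", "172.25.63.3"   # server2 and server3 from the lab
FORGED = "203.0.113.9"                          # constructed value a client might send

def demo():
    honest = proxy_add_x_forwarded_for("", CLIENT)       # client sent no header
    spoofed = proxy_add_x_forwarded_for(FORGED, CLIENT)  # client sent its own header
    return {
        "lab": real_ip(PROXY, honest, [PROXY]),
        "forged_header": real_ip(PROXY, spoofed, [PROXY]),
        "overbroad_trust": real_ip(PROXY, spoofed, ["172.25.63.0/24"]),
        "direct_untrusted": real_ip(CLIENT, FORGED, [PROXY]),
    }

if __name__ == "__main__":
    for case, addr in demo().items():
        print(f"{case:17} -> {addr}")
```

The forged_header and overbroad_trust cases differ only in the set_real_ip_from value, which is why that directive should list the proxy's address alone rather than a whole subnet that also contains clients.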