Nginx反向代理多虚拟主机及记录真实客户端IP

回复 收藏
本帖最后由 清茶一杯 于 2016-4-19 20:28 编辑

1.多虚拟机反向代理

___________________________________________________________

主机信息:

Nginx代理:192.168.1.201
Nginx_web_1:192.168.1.202
Nginx_web_2:192.168.1.203
测试机:192.168.1.204
-----------------------------------三台主机安装
#安装参数
cd /usr/local/src/
tar zxvf nginx-1.6.2.tar.gz
cd nginx-1.6.2
yum install -y pcre-devel openssl-devel gzip
./configure   --prefix=/usr/local/nginx   --with-pcre  --with-http_ssl_module --with-http_stub_status_module
make && make install

#启动脚本略
#主配置略


----------------------------------两台web虚拟主机配置
#虚拟主机配置
mkdir /usr/local/nginx/conf/vhosts
vim  /usr/local/nginx/conf/vhosts/server.conf
  server {
      listen 80 ;
      server_name bbs.szk.com;
      location / {
           root /data/bbs;
           index index.html index.htm;
          }
      access_log logs/access_bbs.log ;
       }

     server {
      listen 80 ;
      server_name www.szk.com;
      location / {
           root /data/www;
           index index.html index.htm;
          }
      access_log logs/access_www.log ;
}
---------------------------------两台web创建站点目录及测试文件
[root@lab-2-C6 ~]#
for n in bbs www;do mkdir -p /data/$n;echo "$n.szk.com_202" >/data/$n/index.html;done
cat /data/bbs/index.html
echo "192.168.1.202 www.szk.com" >> /etc/hosts
echo "192.168.1.202 bbs.szk.com" >> /etc/hosts
/etc/init.d/nginx configtest
/etc/init.d/nginx start


[root@lab-2-C6 ~]#
for n in bbs www;do mkdir -p /data/$n;echo "$n.szk.com_203" >/data/$n/index.html;done

cat /data/www/index.html
echo "192.168.1.203 www.szk.com" >> /etc/hosts
echo "192.168.1.203 bbs.szk.com" >> /etc/hosts
/etc/init.d/nginx configtest
/etc/init.d/nginx start
------------------------------ nginx代理配置

vim /usr/local/nginx/conf/nginx.conf
  upstream www_server_pools {
       server 192.168.1.202:80 weight=1;
       server 192.168.1.203:80 weight=1;
    }   


    upstream bbs_server_pools {
       server 192.168.1.202:80 weight=1;
       server 192.168.1.203:80 weight=1;
    }

    server {
       listen 80;
       server_name www.szk.com;
         location / {
         proxy_pass http://www_server_pools;
         }
      }

   server {
       listen 80;
       server_name bbs.szk.com;
         location / {
         proxy_pass http://bbs_server_pools;
         }
      }

echo "192.168.1.201 www.szk.com" >> /etc/hosts
echo "192.168.1.201 bbs.szk.com" >> /etc/hosts

-----------------------------------测试
[root@lab-4-C6 ~]#
echo "192.168.1.201 www.szk.com" >> /etc/hosts
echo "192.168.1.201 bbs.szk.com" >> /etc/hosts

[root@lab-4-C6 ~]# curl bbs.szk.com
bbs.szk.com_202
[root@lab-4-C6 ~]# curl bbs.szk.com
bbs.szk.com_203
[root@lab-4-C6 ~]# curl www.szk.com
bbs.szk.com_203
[root@lab-4-C6 ~]# curl www.szk.com
bbs.szk.com_202

#反向代理、负载均衡功能已经实现,但有多台虚拟主机时,出现访问出错

原因:
当用户访问域名时确实是携带了www.szk.com的主机头请求Nginx反向代理服务器,但是反向代理向下面WEB节点发起请求时,默认并没有在请求头里告诉节点服务器要找那台虚拟主机,所以,WEB节点服务器接收到请求后发现没有主机头信息,因此,就把节点服务器的第一个虚拟主机发给了反向代理了。

解决:
当反向代理向后重新发起请求时,要携带主机头信息,以明确告诉节点服务器要找哪个虚机主机。在Nginx代理www服务虚拟主机配置里增加如下配置即可:
proxy_set_header Host $host;

[root@lab-4-C6 ~]# curl bbs.szk.com
bbs.szk.com_202
[root@lab-4-C6 ~]# curl bbs.szk.com
bbs.szk.com_203
[root@lab-4-C6 ~]# curl www.szk.com
bbs.szk.com_203
[root@lab-4-C6 ~]# curl www.szk.com
bbs.szk.com_202

2.记录真实客户端IP


多虚机负载及代理成功了,但是WEB日志访问IP是代理服务器的而不是真实客户端的
___________________________________________________________
[root@lab-2-C6 ~]# cat /usr/local/nginx/logs/access_bbs.log

192.168.1.202 - - [19/Feb/2016:08:50:17 +0800] "GET / HTTP/1.1" 200 16 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
192.168.1.201 - - [19/Feb/2016:09:16:22 +0800] "GET / HTTP/1.0" 200 16 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
192.168.1.201 - - [19/Feb/2016:09:16:26 +0800] "GET / HTTP/1.0" 200 16 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
192.168.1.201 - - [19/Feb/2016:09:16:27 +0800] "GET / HTTP/1.0" 200 16 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
-------------------------------------Nginx代理配置
[root@lab-1-C6 ~]#  
vim /usr/local/nginx/conf/nginx.conf

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    server {
       listen 80;
       server_name bbs.szk.com;
         location / {
         proxy_pass http://bbs_server_pools;
         proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
----------------------------------WEB配置
[root@lab-2-C6 ~]#
vim /usr/local/nginx/conf/nginx.conf
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
-----------------------------------测试
[root@lab-2-C6 ~]# cat  /usr/local/nginx/logs/access_bbs.log
192.168.1.201 - - [19/Feb/2016:13:42:37 +0800] "GET / HTTP/1.0" 200 16 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "192.168.1.204"
192.168.1.201 - - [19/Feb/2016:13:42:43 +0800] "GET / HTTP/1.0" 200 16 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "192.168.1.204"


2016-04-19 20:09 举报
已邀请:
0

qiangdashen2

赞同来自:

顶下..
0

weifan

赞同来自:

赞下

回复帖子,请先登录注册

退出全屏模式 全屏模式 回复
评分
可选评分理由: