There is a hash relationship between session and ip address, especially when the internal and external network replacement is incomplete, such as quitting and using 192.168.13.99/hb_phonebank_web/logout,
Use http://116.236.184.238:8006/hb_phonebank_web/ to log in. At this time, the session is not correct. It is obvious that the logout has not been cleared, and the login has not been completed.
change username
The external network front-end request is the external network address (the address that the user can access), and then nginx is converted to the internal network. The upstream is used internally by nginx, and the installed address of nginx is the address to be mapped by the external network.
External network mapping:
116.236.184.238:8006 ---》 192.168.13.99:80
116.236.184.238:8007 ---》 192.168.13.99:8126
nginx implementation:
Extranet Intranet
Server: http://116.236.184.238:8006/hb_phonebank_web/ ----" http://192.168.13.99/hb_phonebank_web/
Static page: http://116.236.184.238:8007/dashboard ----" http://192.168.13.99:8126/dashboard
When using port mapping on the external network, the terminal may be lost when exiting ( http://116.236.184.238/hb_phonebank_web/ ), the internal network 80 can be omitted so there is no problem, nginx needs to configure proxy_set_header Host $http_host ;
$host不能再用
nginx 配置:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
proxy_buffer_size 128k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
client_header_buffer_size 64k;
large_client_header_buffers 4 64k;
# include /etc/nginx/conf.d/*.conf;
upstream 116.236.184.238 {
ip_hash;
server 192.168.13.97:8080;
server 192.168.13.99:8080;
}
server {
listen 80;//本机地址的80,192.168.13.99:80
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
proxy_read_timeout 300;
proxy_pass http://116.236.184.238;
# proxy_set_header Host $host;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 8126;
server_name localhost;
location / {
root /home/distph;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location /hb_phonebank_web {
client_max_body_size 10M;
proxy_pass http://116.236.184.238;
proxy_redirect off;
#proxy_set_header Host $host;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
}
}
shrio配置:
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login" />
<!--<property name="successUrl" value="/login/auth" />-->
<property name="successUrl" value="http://116.236.184.238:8007/" />
<property name="unauthorizedUrl" value="/login" />
<property name="filterChainDefinitionMap" ref="chainDefinitionSectionMetaSource" />
<property name="filters">
<map>
<entry key="authc" value-ref="authenticationFilter" />
<entry key="role" value-ref="roleAuthorizationFilter" />
</map>
</property>
</bean>
退出的时候,也换成http://116.236.184.238:8006/hb_phonebank_web/logout