Problems that need to be paid attention to in internal and external network mapping (session and ip address have a hash relationship)

 

There is a hash relationship between session and ip address, especially when the internal and external network replacement is incomplete, such as quitting and using 192.168.13.99/hb_phonebank_web/logout,

Use http://116.236.184.238:8006/hb_phonebank_web/ to log in. At this time, the session is not correct. It is obvious that the logout has not been cleared, and the login has not been completed.

change username

 

 

 

The external network front-end request is the external network address (the address that the user can access), and then nginx is converted to the internal network. The upstream is used internally by nginx, and the installed address of nginx is the address to be mapped by the external network.

 

External network mapping:

116.236.184.238:8006   ---》  192.168.13.99:80

116.236.184.238:8007   ---》  192.168.13.99:8126

 

 

nginx implementation:

 

Extranet Intranet

Server: http://116.236.184.238:8006/hb_phonebank_web/ ----" http://192.168.13.99/hb_phonebank_web/

 

Static page: http://116.236.184.238:8007/dashboard ----" http://192.168.13.99:8126/dashboard    

 When using port mapping on the external network, the terminal may be lost when exiting ( http://116.236.184.238/hb_phonebank_web/ ), the internal network 80 can be omitted so there is no problem, nginx needs to configure proxy_set_header Host    $http_host ;

$host不能再用

 

nginx  配置:

 

user  nginx;

worker_processes  1;

 

error_log  /var/log/nginx/error.log warn;

pid        /var/run/nginx.pid;

 

 

events {

    worker_connections  1024;

}

 

 

http {

    include       /etc/nginx/mime.types;

    default_type  application/octet-stream;

 

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

 

    access_log  /var/log/nginx/access.log  main;

 

    sendfile        on;

    #tcp_nopush     on;

 

    keepalive_timeout  65;

 

    #gzip  on;

 

          proxy_buffer_size  128k;

 

          proxy_buffers   32 32k;

 

          proxy_busy_buffers_size 128k;

        

          proxy_temp_file_write_size 128k;

 

          client_header_buffer_size 64k;

 

          large_client_header_buffers 4 64k;

 

   # include /etc/nginx/conf.d/*.conf;

 

upstream 116.236.184.238 {  

   ip_hash;  

   server 192.168.13.97:8080;  

    server 192.168.13.99:8080;  

    }

 

server {

    listen       80;//本机地址的80，192.168.13.99:80

    server_name  localhost;

 

    #charset koi8-r;

    #access_log  /var/log/nginx/host.access.log  main;

 

    location / {

         proxy_read_timeout 300;

          proxy_pass http://116.236.184.238; 

         # proxy_set_header Host $host;

          proxy_set_header Host  $http_host;

          proxy_set_header X-Real-IP $remote_addr;

          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    }

 

    #error_page  404              /404.html;

 

    # redirect server error pages to the static page /50x.html

    #

    error_page   500 502 503 504  /50x.html;

    location = /50x.html {

        root   /usr/share/nginx/html;

    }

 

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80

    #

    #location ~ \.php$ {

    #    proxy_pass   http://127.0.0.1;

    #}

 

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

    #

    #location ~ \.php$ {

    #    root           html;

    #    fastcgi_pass   127.0.0.1:9000;

    #    fastcgi_index  index.php;

    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;

    #    include        fastcgi_params;

    #}

 

    # deny access to .htaccess files, if Apache's document root

    # concurs with nginx's one

    #

    #location ~ /\.ht {

    #    deny  all;

    #}

}

 

server {

        listen       8126;

        server_name  localhost;

        location / {

            root   /home/distph; 

            try_files $uri $uri/ /index.html;

            index  index.html index.htm;

        }

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   html;

        }

             

                location /hb_phonebank_web {

            client_max_body_size 10M;

            proxy_pass http://116.236.184.238;

            proxy_redirect off;

            #proxy_set_header Host $host;

             proxy_set_header Host  $http_host;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header X-Real-IP $remote_addr;

        }       

                

    }

 

 

}

 

 

 

 

 

shrio配置：

 

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">

<property name="securityManager" ref="securityManager" />

<property name="loginUrl" value="/login" />

<!--<property name="successUrl" value="/login/auth" />-->

<property name="successUrl" value="http://116.236.184.238:8007/" />

<property name="unauthorizedUrl" value="/login" />

<property name="filterChainDefinitionMap" ref="chainDefinitionSectionMetaSource" />

<property name="filters">

<map>

<entry key="authc" value-ref="authenticationFilter" />

<entry key="role" value-ref="roleAuthorizationFilter" /> 

</map>

</property>

</bean>

 

 

 

 

 

 

退出的时候，也换成http://116.236.184.238:8006/hb_phonebank_web/logout