实现反向代理客户端IP透传
1. 架构
默认情况下,使用反向代理时,后端服务器只能看到访问是从反向代理服务器过来,无法识别客户端IP.通过IP透传实现后端服务器识别到客户端真实IP.
2. apache 安装
2.1 安装apache
yum install -y httpd
2.2 修改apache配置文件
vi /etc/httpd/conf/httpd.conf
监听
Listen 192.168.31.28:80
log配置
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
2.3 启动apache
systemctl start httpd
3. 安装反向代理
3.1 安装Nginx
yum install -y nginx
3.2 配置Nginx
cat >>/etc/nginx/nginx.conf<<EOF
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
location / {
index index.html index.php;
root /data/nginx/html/pc;
proxy_pass http://192.168.31.28;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
EOF
3.2 启动nginx
systemctl start nginx