实现反向代理客户端IP透传

1. 架构

默认情况下,使用反向代理时,后端服务器只能看到访问是从反向代理服务器过来,无法识别客户端IP.通过IP透传实现后端服务器识别到客户端真实IP.

2. apache 安装

2.1 安装apache

 yum install -y httpd

2.2 修改apache配置文件

vi /etc/httpd/conf/httpd.conf

监听

Listen 192.168.31.28:80

log配置

LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

2.3 启动apache

systemctl start httpd

3. 安装反向代理

3.1 安装Nginx

yum install -y nginx

3.2 配置Nginx

cat >>/etc/nginx/nginx.conf<<EOF
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    server {
        listen       80;
        root         /usr/share/nginx/html;
        include /etc/nginx/default.d/*.conf;
	location / {
		index index.html index.php;
		root /data/nginx/html/pc;
		proxy_pass http://192.168.31.28;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
    }
}
EOF

3.2 启动nginx

systemctl start nginx

4. IP透传效果