一台 nginx 服务器被配置为反向代理。另一个也是 nginx,被配置为后端。我的意图是让后端服务器获取客户端的IP。我还安装了 GeoIP 模块来确定客户的地理位置。我使用变量 $realIP 作为假 IP 地址进行测试。
nginx版本:1.2.7 反向代理IP地址:192.168.162.131 反向代理配置:
http {
keepalive_timeout 100;
lua_package_path "/usr/local/src/lua-resty-redis/lib/?.lua;;";
map $uri $lua_uritmp{
default "";
~^(?P<key>.+)$ $key;
}
server {
listen 80;
set $realIP "58.180.70.160";
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $realIP;
proxy_set_header X-Forwarded-For $realIP;
proxy_pass http://backend;
}
}
upstream backend{
server 192.168.162.129:80;
}
}
后端服务器IP:192.168.162.129 nginx.conf:
http
{
access_log logs/access.log;
lua_package_path "/data/lua/?.lua;;";
geoip_country /data/geoip/GeoIP.dat;
geoip_city /data/geoip/GeoLiteCity.dat;
map $uri $lua_uritmp{
default "";
~^/(?P<key>.+)$ $key;
}
map $geoip_city_country_code $luacon{
default "";
~^(?P<key>.+)$ $key;
}
server {
listen 80;
set_real_ip_from 192.168.162.129;
real_ip_header X-Real-IP;
set $lua_country $luacon;
location / {
rewrite_by_lua '
local redis = require "resty.redis"
local testdemo = redis:new()
local luacountry = "eu"
local luauri = "js"
testdemo:set_timeout(1000)
local ok,err = testdemo:connect("127.0.0.1",6379)
if not ok then
ngx.say("faild to connect",err)
return
end
local exist = testdemo:exists(luauri)
if exist==1 then
local remote_host=testdemo:hget(luauri,luacountry)
if remote_host then
-- ngx.redirect("http://"..remote_host);
else
ngx.say(luacountry)
end
end
';
content_by_lua '
local lua_con = ngx.var.lua_country
ngx.say("this is the country",lua_con)
ngx.say("remote_addr",ngx.var.remote_addr)
ngx.say("X-Real-IP: ", ngx.req.get_headers()["X-Real-IP"])
';
}
}
}
当我在 Chrome 中输入 192.168.162.131 时,它会返回:
this is the country
remote_addr192.168.162.131
X-Real-IP: 58.180.70.160
后端服务器的访问日志只有反向代理服务器的IP。
192.168.162.131 - - [28/Jun/2013:03:13:58 -0700] "GET /favicon.ico HTTP/1.0" 200 72 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
我想知道在执行指令-real_ip_header X-Real-IP 后,RealIP 模块会修改 nginx 变量 $remote_addr;