1

一台 nginx 服务器被配置为反向代理。另一个也是 nginx,被配置为后端。我的意图是让后端服务器获取客户端的IP。我还安装了 GeoIP 模块来确定客户的地理位置。我使用变量 $realIP 作为假 IP 地址进行测试。

nginx版本:1.2.7 反向代理IP地址:192.168.162.131 反向代理配置:

 http {

 keepalive_timeout 100;
 lua_package_path "/usr/local/src/lua-resty-redis/lib/?.lua;;";



map $uri $lua_uritmp{
    default "";
    ~^(?P<key>.+)$ $key;
    }
 server {
   listen 80;
    set $realIP "58.180.70.160";
   location / {

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $realIP;
            proxy_set_header X-Forwarded-For $realIP;
            proxy_pass http://backend;
            }
    }
    upstream backend{
            server 192.168.162.129:80;
    }
 }

后端服务器IP:192.168.162.129 nginx.conf:

 http 
 {

access_log logs/access.log;
lua_package_path "/data/lua/?.lua;;";

geoip_country /data/geoip/GeoIP.dat;
geoip_city    /data/geoip/GeoLiteCity.dat;

map $uri $lua_uritmp{
        default "";
        ~^/(?P<key>.+)$ $key;
    }

map  $geoip_city_country_code $luacon{
    default "";
    ~^(?P<key>.+)$ $key;
    }

server {
  listen 80;
     set_real_ip_from   192.168.162.129;
     real_ip_header     X-Real-IP;
        set $lua_country    $luacon;
        location / {
        rewrite_by_lua '

        local  redis      = require "resty.redis"
        local  testdemo   = redis:new()
        local  luacountry = "eu"
        local  luauri     = "js"

        testdemo:set_timeout(1000)

        local  ok,err = testdemo:connect("127.0.0.1",6379)
        if not ok then
              ngx.say("faild to connect",err)
              return
        end


        local exist = testdemo:exists(luauri)
        if exist==1 then
            local remote_host=testdemo:hget(luauri,luacountry)
            if remote_host then
       --           ngx.redirect("http://"..remote_host);
            else
                    ngx.say(luacountry)
            end
        end
        ';

    content_by_lua '
            local lua_con = ngx.var.lua_country
            ngx.say("this is the country",lua_con)
            ngx.say("remote_addr",ngx.var.remote_addr)
            ngx.say("X-Real-IP: ", ngx.req.get_headers()["X-Real-IP"])
    ';
    }

  }
}

当我在 Chrome 中输入 192.168.162.131 时,它会返回:

this is the country
remote_addr192.168.162.131
X-Real-IP: 58.180.70.160

后端服务器的访问日志只有反向代理服务器的IP。

  192.168.162.131 - - [28/Jun/2013:03:13:58 -0700] "GET /favicon.ico HTTP/1.0" 200 72 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"

我想知道在执行指令-real_ip_header X-Real-IP 后,RealIP 模块会修改 nginx 变量 $remote_addr;

4

0 回答 0