实现透传真实IP地址

环境

10.0.0.1   --> client	ip.oldxu.com
10.0.0.5   --> proxy-1
10.0.0.7   --> proxy-2
10.0.0.8   --> web

添加X-Forward-For头字段

proxy-1

[root@lb01 ~]# cat   /etc/nginx/conf.d/proxy_ip.oldxu.com.conf
	server {
			listen 80;
			server_name ip.oldxu.com;

		location / {
				proxy_pass http://10.0.0.7;
				proxy_set_header Host $http_host;
				proxy_set_header X-Real-IP  $remote_addr;
				proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			}
		}

proxy-2

[root@web01 ~]# cat /etc/nginx/conf.d/proxy_ip.oldxu.com.conf
	server {
			listen 80;
			server_name ip.oldxu.com;

		location / {
				proxy_pass http://10.0.0.8;
				proxy_set_header Host $http_host;
				proxy_set_header X-Real-IP  $remote_addr;
				proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			}
		}

web

[root@web02 ~]# cat /etc/nginx/conf.d/ip.oldxu.com.conf
	server {
			listen 80;
			server_name ip.oldxu.com;
			root  /php;

		location /  {
				index index.php;
				}

		location ~ \.php$ {
				fastcgi_pass 127.0.0.1:9000;
				fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
				include  fastcgi_params;
				}
		}

创建目录、配置
[root@web02 ~]# mkdir /php
[root@web02 ~]# cat /php/index.php
	





X-Forwarded-For提取真实IP的方式：
优点：一定能提取到真是的IP地址
缺点：必须所有经过的代理服务器都开启X-FORWARDED-FOR变量携带IP至后端

Nginx_RealIP模块

10.0.0.1   --> client	ip.oldxu.com

10.0.0.5   --> proxy-1
10.0.0.7   --> proxy-2
10.0.0.8   --> web			#修改他

[root@web02 ~]# cat /etc/nginx/conf.d/ip.oldxu.com.conf
server {
listen 80;
server_name ip.oldxu.com;
root  /php;

#web前端所有的代理服务器地址，一个都不能少
set_real_ip_from 10.0.0.5;
set_real_ip_from 10.0.0.7;
real_ip_header X-Forwarded-For;	#丛那个header头检索出需要的IP地址 ( 10.0.0.1, 10.0.0.5, 10.0.0.7)
real_ip_recursive on;		#递归排除 set_real_ip_form里面出现的IP地址，剩下没有出现的IP则被认为是真实IP地址
								  # （ 10.0.0.1 ==$remote_addr ）

location /  {
	index index.php;
}

location ~ \.php$ {
	fastcgi_pass 127.0.0.1:9000;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include  fastcgi_params;
	}
}




realip：直接使用就能提取到真实IP，但缺陷是他需要知道沿途经过的所有IP地址 或 地址段