Nginx在使用varnish作缓存情况下获取用户真实ip(2)

二.关于一些基本配置

这里我直接在varnishd配置文件里,加上一个缓存的网站   ,配置文件如下:

#Cache for linuxtone sites  #backend vhost  backend  wwwlinuxidccom {  .host = "www.linuxidc.com";  .port = "80";  }  #acl  acl purge {    "localhost";    "127.0.0.1";    "192.168.0.0"/24;  }  sub vcl_recv {  
        if (req.http.Accept-Encoding) {              if (req.url ~ "\.(jpg|png|gif|jpeg|flv)$" ) {                  remove req.http.Accept-Encoding;                  remove req.http.Cookie;              } else if (req.http.Accept-Encoding ~ "gzip") {                  set req.http.Accept-Encoding = "gzip";              } else if (req.http.Accept-Encoding ~ "deflate") {                  set req.http.Accept-Encoding = "deflate";              } else {                  remove req.http.Accept-Encoding;              }          }             if (req.http.host ~  "(.*)linuxidc.com") {                         set req.backend = wwwlinuxidccom;                   }              else {                          error 404 "This website is maintaining or not exist!";                  }    if (req.request == "PURGE") {       if (!client.ip ~purge) {         error 405 "Not Allowed";     }  #.dd.....     return(lookup);    }  #...GET...url...jpg,png,gif. ..cookie    if (req.request == "GET"&& req.url ~ "\.(png|gif|jpeg|jpg|ico|swf|css|js|html|htm|gz|tgz|bz2|tbz|mp3|ogg|mp4|flv|f4v|pdf)$") {          unset req.http.cookie;    }  #..GET...url.php....cache....    if (req.request =="GET"&&req.url ~ "\.php($|\?)"){          return (pass);    }  #   }  #........pipe..      if (req.request != "GET" &&        req.request != "HEAD" &&        req.request != "PUT" &&        req.request != "POST" &&        req.request != "TRACE" &&        req.request != "OPTIONS" &&        req.request != "DELETE") {          return (pipe);      }  #..GET .HEAD.....      if (req.request != "GET" && req.request != "HEAD") {          return (pass);      }      if (req.http.Authorization) {          return (pass);      }      return (lookup);  }  #..url+host hash......  sub vcl_hash {      hash_data(req.url);      if (req.http.host) {          hash_data(req.http.host);      } else {          hash_data(server.ip);      }      return (hash);  }  # .....purge .....  sub vcl_hit {     if (req.request == "PURGE") {         set obj.ttl = 0s;         error 200 "Purged";      }      return (deliver);  }  sub vcl_fetch {            if (req.url ~ "\.(jpeg|jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|ico|swf|flv|dmg|js|css|html|htm)$") {                     set beresp.ttl = 2d;                     set berespberesp.http.expires = beresp.ttl;                     set beresp.http.Cache-Control = "max-age=172800";                     unset beresp.http.set-cookie;            }            if (req.url ~ "\.(dmg|js|css|html|htm)$") {                     set beresp.do_gzip = true;            }            if (beresp.status == 503) {                           set beresp.saintmode = 15s;            }  }  sub vcl_deliver {          set resp.http.x-hits = obj.hits ;          if (obj.hits > 0) {                  set resp.http.X-Cache = "HIT You!";          } else {                  set resp.http.X-Cache = "MISS Me!";          }  }  

并在A服务器的host文件里绑定  为 192.168.1.150

# vim /etc/hosts 192.168.1.150 

启动varnish

 

# /usr/local/varnishd/etc/varnish/vcl.conf -s malloc,10M -T 127.0.0.1:2000 -a 0.0.0.0:80 

B服务器上的Nginx 可参考网上一些配置,都是大同小异的,

我在这里添加一个虚拟主机:

# vim /usr/local/nginx/conf/nginx.confserver         {       listen    80;                 server_name ;                 index  index.php index.html index.htm;                 root  /home/yaozhibing;    log_format  wwwlogs  '$remote_addr - $http_x_real_ip - $http_X_Forwarded_For - $remote_user [$time_local] "$request" ';     access_log  /home/linuxidc.log  wwwlogs; 

我们在日志文件里定义了 $http_real_ip,  $http_X_forwarded_for的值,其实这两个值是一样的。 http_real_ip是指用户的真实ip。$http_X_forwarded_for是指通过上一级代理之前的ip。如果有多级代理,这个值里面就有很多的ip.我们这里只有一级代理,所以。这里的$http_X_forwarded_for 指的也是用户的真实ip.

好,我们来监控一下日志。看能不能获取到这些值。

很明显这些值,是获取不到的,只能获取到前端varnishd服务器 192.168.1.151的ip.

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:http://www.heiqu.com/c5c72636078c52ff53dbdd4f745dc595.html