just a simple example, for more information -> http://nginx.org/en/docs/.
1.vi /etc/yum.repos.d/nginx.repo
2. find repo from http://nginx.org/packages, choose version according to your system. save it.
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/[OS(for example:centos)]/$releasever/$basearch/
gpgcheck=0
enabled=1
3.yum install nginx
4.config nginx
u can edit nginx.conf directly or use "include" in nginx.conf
(1)root
A location context can contain directives that define how to resolve a request
¨C either serve a static file or pass the request to a proxied server.
(2)proxy_pass
The proxy_pass directive passes the request to the proxied server accessed with the configured URL.
The response from the proxied server is then passed back to the client.
(3)proxy_set_header (NGINX Reverse Proxy)
By default, NGINX redefines two header fields in proxied requests, ¡°Host¡± and ¡°Connection¡±,
and eliminates the header fields whose values are empty strings. ¡°Host¡± is set to the $proxy_host variable,
and ¡°Connection¡± is set to close:
proxy_set_header Host $proxy_host;
proxy_set_header Connection close;
To change these setting, as well as modify other header fields, use the "proxy_set_header" directive.
This directive can be specified in a location or higher.
It can also be specified in a particular server context or in the http block
server {
listen 80;
server_name www.system-in-motion.com;
root [location context];
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/;
}
}
comment:
part 1.context£º
In practical application£¬we may need get client ip address to judge if land in different places£¬or statistic ip access times.
In normal, we get client ip by request.getRemoteAddr()£¬but when we use nginx as reverse proxy£¬
it will get nginx server ip address, (the value of $remote_addr is nginx server ip)
part 2.solution:
server {
listen 88;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location /{
root html;
index index.html index.htm;
proxy_pass http://backend;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-For $http_x_forwarded_for;
}
if we want to get client real ip in web server£¬we must do some settings in nginx, for example£º
1. proxy_set_header X-real-ip $remote_addr;
X-real-ip is a custom variable name£¬
then, the client ip is set in X-real-ip, we can get real value in web by request.getAttribute("X-real-ip")
2. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
It's mean add $proxy_add_x_forwarded_for to X-Forwarded-For, not overried;
X-Forwarded-For£¬exploit by squid£¬to identify client ip who access to web server through http proxy or load balancer,
which not follow RFC standard;
if set X-Forwarded-For,it will record each forward by proxy,The format is client1, proxy1, proxy2.
Because of not RFC standard£¬it's null defaultly.
it's mean we cannot get client ip by request.getAttribute("X-Forwarded-For").
For example£¬when visit web through two nginx:
In first nginx, add
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
now, $proxy_add_x_forwarded_for "X-Forwarded-For" is null£¬there is only $remote_addr£¬and the value of $remote_addr is client ip£¬
After assignment£¬the value of X-Forwarded-For is client real ip.
In second nginx£¬add
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
now, $proxy_add_x_forwarded_for£¬X-Forwarded-For contains client real ip£¬the value of $remote_addr is the first nginx ip address£¬
After assignment£¬The value of X-Forwarded-For will become ¡°client ip£¬first nginx ip¡±¡£
3. X-Forwarded-For $http_x_forwarded_for:
by default, X-Forwarded-For is null£¬
so, when only use 'proxy_set_header X-Forwarded-For $http_x_forwarded_for'£¬
u will find the value of request.getAttribute("X-Forwarded-For") is null¡£
if u want to get client real ip through request.getAttribute("X-Forwarded-For")£¬
we should use 'proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for';
make 安装(未成功,仅作记录)
tar zxvf nginx-1.9.9.tar.gz cd nginx-1.9.9 sudo apt-get update sudo apt-get install libpcre3 libpcre3-dev sudo apt-get install openssl libssl-dev ./configure --with-http_stub_status_module --with-http_gzip_static_module -- prefix=/usr/local/nginx make make install cd /usr/local/nginx sbin/nginx #redhat yum install *gcc* yum -y install pcre-devel openssl openssl-devel