前端varnish让后端nginx获取客户真实ip
当使用varnish做前端缓存的时候,想要让后端nginx获取客户真实ip,其实方法跟nginx做前端让后端nginx获取客户的真实ip是差不多的,想了解nginx做前端让后端获取客户真实ip请看这篇文章nginx proxy获取用户真实ip.下面我们来看看varnish的做法.系统:centos 5.9
环境:前端varnish
后端:lnmp
1.先在前端服务器安装varnish
# Download, build and install Varnish from source under /usr/local/varnish.
# NOTE(review): the tarball is fetched over plain HTTP and nothing below verifies it;
# compare its checksum (e.g. with sha256sum) against a value published by the
# Varnish project before running configure/make.
# NOTE(review): 3.0.0 is the release this walkthrough was written for; check whether
# it still receives security fixes before deploying it on an Internet-facing host.
wget http://repo.varnish-cache.org/source/varnish-3.0.0.tar.gz
tar zxf varnish-3.0.0.tar.gz && cd varnish-3.0.0
./configure --prefix=/usr/local/varnish
make && make install
# Keep a copy of the stock VCL so the edit below can be rolled back.
cp /usr/local/varnish/etc/varnish/default.vcl /usr/local/varnish/etc/varnish/default.vcl.old
vi /usr/local/varnish/etc/varnish/default.vcl
# Origin server that Varnish fetches from on a miss or pass.
# The name is resolved on the Varnish host; step 5 adds a hosts entry there so it
# points at the back-end nginx rather than back at Varnish itself.
# Traffic to the backend is plain HTTP on port 80.
backend www {
.host = "bbs.cnblackhat.com";
.port = "80";
}
# ACL of addresses allowed to send PURGE (checked against client.ip in vcl_recv).
# NOTE(review): the /24 entry lets every host in 192.168.0.0/24 evict cached objects;
# narrow it to the machines that actually issue purges.
# NOTE(review): client.ip is the TCP peer; if another proxy sits in front of Varnish,
# every request appears to come from that proxy - confirm before relying on this ACL.
acl purge {
"localhost";
"127.0.0.1";
"192.168.0.0"/24;
}
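# Request entry point: normalises headers, selects the backend, handles PURGE,
# and decides between lookup (cache), pass (no cache) and pipe.
sub vcl_recv {
    # Normalise Accept-Encoding so only a few variants of each object are cached.
    if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(jpg|png|gif|jpeg|flv)$" ) {
            # Already-compressed media: drop the header (and the cookie with it).
            remove req.http.Accept-Encoding;
            remove req.http.Cookie;
        } else if (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } else if (req.http.Accept-Encoding ~ "deflate") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            remove req.http.Accept-Encoding;
        }
    }

    # Route only this site's own hostnames to the backend.
    # The pattern is anchored and the dot is escaped: the original "(.*)cnblackhat.com"
    # matched any Host value that merely contained that text, so unrelated hostnames
    # were forwarded to the backend and stored under their own cache keys
    # (vcl_hash includes req.http.host). An optional ":port" suffix is still accepted.
    if (req.http.host ~ "(?i)(^|\.)cnblackhat\.com(:[0-9]+)?$") {
        set req.backend = www;
    }
    else {
        error 404 "This website is maintaining or not exist!";
    }

    # PURGE is accepted only from addresses in the "purge" ACL.
    if (req.request == "PURGE") {
        if (!client.ip ~ purge) {
            error 405 "Not Allowed";
        }
        # Look the object up so vcl_hit can expire it.
        return(lookup);
    }

    # GET requests for static file extensions: drop the cookie so they can be cached.
    # NOTE(review): html/htm are in this list; if the backend serves per-user pages
    # under such URLs they will be cached and shared between visitors - confirm.
    if (req.request == "GET" && req.url ~ "\.(png|gif|jpeg|jpg|ico|swf|css|js|html|htm|gz|tgz|bz2|tbz|mp3|ogg|mp4|flv|f4v|pdf)$") {
        unset req.http.cookie;
    }

    # GET requests for .php URLs are never cached.
    if (req.request == "GET" && req.url ~ "\.php($|\?)") {
        return (pass);
    }

    # Methods outside this list are piped straight through to the backend.
    # NOTE(review): TRACE is in the list and therefore reaches the backend via pass
    # below; disable it on the backend if nothing needs it.
    if (req.request != "GET" &&
        req.request != "HEAD" &&
        req.request != "PUT" &&
        req.request != "POST" &&
        req.request != "TRACE" &&
        req.request != "OPTIONS" &&
        req.request != "DELETE") {
        return (pipe);
    }

    # Only GET and HEAD are candidates for the cache.
    if (req.request != "GET" && req.request != "HEAD") {
        return (pass);
    }

    # Requests carrying credentials are never served from cache.
    if (req.http.Authorization) {
        return (pass);
    }

    return (lookup);
}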
# Cache key: the URL plus the Host header (or the server IP when no Host was sent).
# Because Host is part of the key, each distinct Host value accepted in vcl_recv
# produces its own cache entry.
sub vcl_hash {
hash_data(req.url);
if (req.http.host) {
hash_data(req.http.host);
} else {
hash_data(server.ip);
}
return (hash);
}
# Cache hit: a PURGE (already ACL-checked in vcl_recv) expires the object and
# answers 200; every other request is delivered from cache.
# NOTE(review): this listing has no matching vcl_miss, so a PURGE for a URL that is
# not cached is handled as an ordinary miss and fetched from the backend.
sub vcl_hit {
if (req.request == "PURGE") {
set obj.ttl = 0s;
error 200 "Purged";
}
return (deliver);
}
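# Runs after a backend response is received: sets TTL and caching headers for
# static assets, enables gzip for text-like types, and reacts to backend 503s.
sub vcl_fetch {
    # Static assets: cache for two days and never store a Set-Cookie with the object.
    # NOTE(review): html/htm are included; a backend response for such a URL is shared
    # between all visitors for 2 days - confirm none of these pages are per-user.
    if (req.url ~ "\.(jpeg|jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|ico|swf|flv|dmg|js|css|html|htm)$") {
        set beresp.ttl = 2d;
        # Fixed: the original wrote "berespberesp.http.expires", which is not a valid
        # VCL variable and stops the file from compiling.
        # NOTE(review): this stores the TTL, not an HTTP date, in Expires; clients
        # should follow the Cache-Control max-age below - confirm this is intended.
        set beresp.http.expires = beresp.ttl;
        set beresp.http.Cache-Control = "max-age=172800";
        unset beresp.http.set-cookie;
    }

    # Let Varnish compress text-like (and .dmg) responses before storing them.
    if (req.url ~ "\.(dmg|js|css|html|htm)$") {
        set beresp.do_gzip = true;
    }

    # On a backend 503, put this URL in saint mode for 15 seconds.
    if (beresp.status == 503) {
        set beresp.saintmode = 15s;
    }
}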
# Adds debugging headers to every response: the object's hit count and whether
# the response came from cache.
# NOTE(review): these headers reveal caching behaviour to every client; consider
# dropping them once the setup has been verified.
sub vcl_deliver {
    set resp.http.x-hits = obj.hits ;
    if (obj.hits == 0) {
        # First delivery of this object: it was fetched from the backend.
        set resp.http.X-Cache = "MISS Me!";
    } else {
        set resp.http.X-Cache = "HIT You!";
    }
}
2.修改varnish配置文件
vi /usr/local/varnish/etc/varnish/default.vcl
# Origin server that Varnish fetches from; unchanged from step 1.
# The name is resolved on the Varnish host (see the hosts entries in step 5) and
# the connection to the backend is plain HTTP on port 80.
backend www {
.host = "bbs.cnblackhat.com";
.port = "80";
}
# ACL of addresses allowed to send PURGE; unchanged from step 1.
# NOTE(review): the /24 entry lets every host in 192.168.0.0/24 evict cached objects;
# narrow it to the machines that actually issue purges.
acl purge {
"localhost";
"127.0.0.1";
"192.168.0.0"/24;
}
# vcl_recv with the client-address headers added at the top. The listing is cut
# short by the author; the rest of the subroutine is the same as in step 1.
sub vcl_recv {
# Discard any X-Real-IP sent by the client, so the backend only ever sees the
# value set on the next line and a visitor cannot supply their own.
remove req.http.X-real-ip;
# client.ip is the address of the TCP peer connected to Varnish.
set req.http.X-real-ip = client.ip;
# Replaces (does not append to) any X-Forwarded-For the client sent.
# NOTE(review): if another proxy or load balancer sits in front of Varnish,
# client.ip is that proxy and not the visitor - confirm the topology.
set req.http.X-Forwarded-For = client.ip;
# Normalise Accept-Encoding so only a few variants of each object are cached.
if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpg|png|gif|jpeg|flv)$" ) {
remove req.http.Accept-Encoding;
remove req.http.Cookie;
} else if (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} else if (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
remove req.http.Accept-Encoding;
}
}
以下省略.
可以看到我在sub vcl_recv { 下添加3行语句
# Drop the client-supplied header first so it cannot be spoofed, then set both
# headers from client.ip (the TCP peer connected to Varnish).
remove req.http.X-real-ip;
set req.http.X-real-ip = client.ip;
set req.http.X-Forwarded-For = client.ip;
3.修改后端nginx配置
vi /etc/nginx/nginx.conf
在http选项配置中添加下面语句:
# These directives need nginx built with ngx_http_realip_module (--with-http_realip_module).
# set_real_ip_from names the peers whose X-Real-IP header nginx will believe;
# "nginx_proxy_ip" is a placeholder for the front-end proxy address (Varnish here).
# NOTE(review): trusting a whole /24 lets any host in that range that can reach
# nginx directly choose the address recorded as REMOTE_ADDR (logs, rate limits,
# allow/deny rules); prefer listing only the proxy's own address.
set_real_ip_from nginx_proxy_ip/24;
set_real_ip_from nginx_proxy_ip;
# Take the client address from the header Varnish sets in vcl_recv.
real_ip_header X-Real-IP;
例子:
# Example values: 192.168.10.6 is the front-end proxy in this example.
# NOTE(review): the 192.168.10.0/24 line extends the same trust to every host in
# that subnet; if only 192.168.10.6 proxies to this server, the /24 line is unnecessary.
set_real_ip_from 192.168.10.0/24;
set_real_ip_from 192.168.10.6;
real_ip_header X-Real-IP;
4.在后端网站中添加php文件
vi i.php
<?php
// Temporary check page: prints the client address as the web server reports it,
// which after the realip change should be the visitor's own IP rather than Varnish's.
// Remove this file from the web root once the check in step 5 has passed.
print $_SERVER['REMOTE_ADDR'];
然后把i.php放进你网站根目录下.
5.进行验证
在本地电脑上添加前端hosts,在前端添加后端hosts,然后在本地浏览器上进行访问,如果访问https://bbs.cnblackhat.com/i.php,可以看到本地电脑的ip就说明配置正确的,如果不行,请检查前端varnish和后端nginx是否重启让配置文件生效了的.