热门标签
热门文章
- 1ADB获取手机分辨率的多种方法,解决部分手机获取不到的问题_adb调手机分辨率
- 2GIt常用指令、概念及原理分析,图解rebase、merge指令区别,stash、reset贮藏重置等指令详解,每一条指令都有详细说明,值得收藏!_git rm stash
- 3Python自然语言处理笔记(五)------获取文本语料库_什么函数用于获取语料库中的文件
- 4ESP8266 01sWiFi模块保姆级教程 烧录和联网,连接华为云_esp8266wifi模块如何连接网络
- 5PostgreSQL11 | 数据类型和运算符_pgsql boolean相关函数
- 6开篇,对想学Java的小伙伴说点掏心窝子的大实话_程序员青戈怎么样
- 7[开题报告]Springboot会议室预约管理系统0bcs4计算机毕业设计
- 82024年运维最全升级Linux下的sudo_sudo v1(1),2024年最新原理+实战+视频+源码_sudo最新补丁包下载
- 9hive建表_hive创建外部表并指定存储位置
- 10LangChain快速加proxy代理_langchain openai proxy
当前位置: article > 正文
nginx虚拟主机配置、主机用户访问控制配置、反向代理后实现nginx和apache两种web服务器能够记录客户端的真实IP地址配置演示_nginx配置真实ip
作者:小蓝xlanll | 2024-06-08 14:12:54
赞
踩
nginx配置真实ip
目录
(2)修改nginx.conf文件,在htttp模块中配置两个server模块分别对应两个IP
(2)同样在http模块中添加server模块,注意工作目录的变动
(1)在前面基于IP的基础上添加server_name一行即可
2.使用hpasswd为用户创建密码文件,并指定到刚才指定的密码文件webck
一.静态页面
要关闭apache的httpd
- [root@localhost conf]# systemctl status httpd.service
- ● httpd.service - The Apache HTTP Server
- Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
- Active: inactive (dead)
- Docs: man:httpd(8)
- man:apachectl(8)
1.更改页面内容
找到自己的nginx安装目录里的html目录,修改index.html
- [root@localhost html]# pwd
- /usr/local/src/nginx-1.22.0/html
- [root@localhost html]# cat index.html
- <h1>nginx</h1>
2.更改配置文件
nginx安装目录里的nginx.conf文件
- [root@localhost conf]# pwd
- /usr/local/src/nginx-1.22.0/conf
- [root@localhost conf]# vim nginx.conf
找到server内的区块位置,更改工作目录和指定html文件
- server {
- listen 80;
- server_name localhost;
-
- #charset koi8-r;
-
- #access_log logs/host.access.log main;
-
- location / {
- root /usr/local/src/nginx-1.22.0/html; #你的html文件存放目录
- index index.html; #如果前面页面文件是其它名字,这里要更改一致
- }
-
- #error_page 404 /404.html;
-
- # redirect server error pages to the static page /50x.html
- #
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root html;
- }
- }
- [root@localhost conf]# systemctl restart nginx
3.测试
二.虚拟主机配置
1.基于IP
(1)在html目录下新建目录存放测试文件
- [root@localhost html]# ll
- total 8
- -rw-r--r-- 1 1001 1001 497 May 24 2022 50x.html
- -rw-r--r-- 1 1001 1001 15 Aug 10 10:13 index.html
- drwxr-xr-x 2 root root 43 Aug 10 11:53 ip
- drwxr-xr-x 2 root root 6 Aug 10 11:51 port
- [root@localhost html]# pwd
- /usr/local/src/nginx-1.22.0/html
- [root@localhost html]# cat ip/index.html ip/index1.html
- 190
- 195
(2)修改nginx.conf文件,在htttp模块中配置两个server模块分别对应两个IP
- server {
- listen 192.168.2.190;
- location / {
- root /usr/local/src/nginx-1.22.0/html/ip;
- index index.html index.htm;
- }
- }
- server {
- listen 192.168.2.195;
- location / {
- root /usr/local/src/nginx-1.22.0/html/ip;
- index index1.html index.htm;
- }
- }
- [root@localhost conf]# systemctl restart nginx
(3)测试
2.基于端口
(1)创建测试界面
- [root@localhost html]# cat port/index.html port/index1.html
- 8090
- 8099
(2)同样在http模块中添加server模块,注意工作目录的变动
- server {
- listen 8090;
- location / {
- root /usr/local/src/nginx-1.22.0/html/port;
- index index.html index.htm;
- }
- }
- server {
- listen 8099;
- location / {
- root /usr/local/src/nginx-1.22.0/html/port;
- index index1.html index.htm;
- }
- }
- [root@localhost conf]# systemctl restart nginx
(3)测试
3.基于域名
(1)在前面基于IP的基础上添加server_name一行即可
- server {
- listen 192.168.2.190;
- server_name www.aabb.com;
- location / {
- root /usr/local/src/nginx-1.22.0/html/ip;
- index index.html index.htm;
- }
- }
- server {
- listen 192.168.2.195;
- server_name www.llss.com;
- location / {
- root /usr/local/src/nginx-1.22.0/html/ip;
- index index1.html index.htm;
- }
- }
- [root@localhost conf]# systemctl restart nginx
(2)修改/etc/hosts文件
Linux
- [root@localhost conf]# vim /etc/hosts
- 192.168.2.190 www.aabb.com
- 192.168.2.195 www.llss.com
windows
通过powershell使用notepad修改hosts文件
- Windows PowerShell
- 版权所有(C) Microsoft Corporation。保留所有权利。
-
- 安装最新的 PowerShell,了解新功能和改进!https://aka.ms/PSWindows
-
- PS C:\WINDOWS\system32> cd .\drivers\etc\
-
- PS C:\WINDOWS\system32\drivers\etc> notepad .\hosts
- PS C:\WINDOWS\system32\drivers\etc>
(3)测试
三.nginx错误日志和访问日志配置
1. 在server模块中指定日志类型和日志存放目录即可
2.测试两边后查看
- [root@localhost logs]# cat access.log
- 192.168.2.2 - - [10/Aug/2023:14:06:00 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.200"
- 192.168.2.2 - - [10/Aug/2023:14:06:00 +0800] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.2.190/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.200"
- [root@localhost logs]# cat error.log
- 2023/08/10 14:06:00 [error] 59751#59751: *1 open() "/usr/local/src/nginx-1.22.0/html/ip/favicon.ico" failed (2: No such file or directory), client: 192.168.2.2, server: www.aabb.com, request: "GET /favicon.ico HTTP/1.1", host: "192.168.2.190", referrer: "http://192.168.2.190/"
- [root@localhost logs]# pwd
- /usr/local/src/nginx-1.22.0/logs
四.基于主机访问控制
1.修改nginx.conf文件
修改server区块内的location块,deny表示禁止这台主机访问,allow表示允许,可以使用all表示禁止/允许所有,一定要注意匹配顺序是从上至下,下例也就表示允许除2.191外的主机访问
- server {
- listen 192.168.2.190;
- server_name www.aabb.com;
- error_log /usr/local/src/nginx-1.22.0/logs/error.log;
- access_log /usr/local/src/nginx-1.22.0/logs/access.log;
- location / {
- root /usr/local/src/nginx-1.22.0/html/ip;
- index index.html index.htm;
- deny 192.168.2.191;
- allow all;
- #deny 192.168.2.0/24; 可以指定一个网段
- }
- }
- [root@localhost conf]# systemctl restart nginx.service
2.到其他主机上测试
(1)191主机
- [root@localhost ~]# ip a | grep ens33
- 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- inet 192.168.2.191/24 brd 192.168.2.255 scope global noprefixroute ens33
- [root@localhost ~]# curl 192.168.2.190
- <html>
- <head><title>403 Forbidden</title></head>
- <body>
- <center><h1>403 Forbidden</h1></center>
- <hr><center>nginx/1.22.0</center>
- </body>
- </html>
(2)180主机
- [root@localhost ~]# ip a | grep ens160
- 2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
- inet 192.168.2.180/24 brd 192.168.2.255 scope global noprefixroute ens160
- [root@localhost ~]# curl 192.168.2.190
- 190
五.基于用户访问控制
1.修改nginx.conf文件
- server {
- listen 192.168.2.190;
- server_name www.aabb.com;
- error_log /usr/local/src/nginx-1.22.0/logs/error.log;
- access_log /usr/local/src/nginx-1.22.0/logs/access.log;
- location / {
- root /usr/local/src/nginx-1.22.0/html/ip;
- index index.html index.htm;
- allow all;
- auth_basic "here"; #加上这两行,这行是出现在第一次访问Nginx站点的弹出框内
- auth_basic_user_file /usr/local/src/nginx-1.22.0/conf/webck; #指定密码文件
- }
- }
- [root@localhost conf]# pwd
- /usr/local/src/nginx-1.22.0/conf
- [root@localhost conf]# ll | grep webck
- -rw-r--r-- 1 root root 22 Aug 10 18:54 webck
2.使用hpasswd为用户创建密码文件,并指定到刚才指定的密码文件webck
- [root@localhost conf]# htpasswd -c -d /usr/local/src/nginx-1.22.0/conf/webck sulibao
- New password:
- Re-type new password:
- Warning: Password truncated to 8 characters by CRYPT algorithm.
- Adding password for user sulibao
- [root@localhost conf]# cat webck
- sulibao:8sWMglgDCLsGQ #密码已加密
- [root@localhost conf]# systemctl restart nginx
3.测试
六.缓存配置
expires参数,下例表示对以这些后缀结尾的图片文件缓存30天
- server {
- listen 192.168.2.190;
- server_name www.aabb.com;
- error_log /usr/local/src/nginx-1.22.0/logs/error.log;
- access_log /usr/local/src/nginx-1.22.0/logs/access.log;
- location / {
- root /usr/local/src/nginx-1.22.0/html/ip;
- index index.html index.htm;
- allow all;
- auth_basic "here";
- auth_basic_user_file /usr/local/src/nginx-1.22.0/conf/webck;
- }
- location ~ .*\.(gif|jpg|png)$ {
- expires 30d;
- }
- }
七.配置服务器记录真实IP地址
1.构建环境
三台设备,设备1(2.190)部署nginx环境,设备2(2.191)部署nginx,设备3(2.193)apache环境,保证都有区别的web页面内容
2.配置反向代理
(1)基于源码安装的nginx环境下修改nginx.conf(设备1)
- [root@localhost conf]# pwd
- /usr/local/src/nginx-1.22.0/conf
- [root@localhost conf]# vim nginx.conf
- worker_processes 1;
- events {
- worker_connections 1024;
- }
- http {
- include mime.types;
- default_type application/octet-stream;
- sendfile on;
- keepalive_timeout 65;
- error_log /usr/local/src/nginx-1.22.0/logs/error.log;
- access_log /usr/local/src/nginx-1.22.0/logs/access.log;
- server {
- listen 80;
- server_name www.aabb.com;
- location / {
- proxy_pass http://192.168.2.191;
- }
- }
- server {
- listen 80;
- server_name www.llss.com;
- location / {
- proxy_pass http://192.168.2.193;
- }
- }
- }
(2)通过windows powershell进行修改hosts文件并测试
- PS C:\WINDOWS\system32> cd .\drivers\etc\
-
- PS C:\WINDOWS\system32\drivers\etc> notepad .\hosts
-
- PS C:\WINDOWS\system32\drivers\etc>
(3)设备2和设备3上查看日志,可以看到访问来源都是代理服务器(2.190)而不是真实客户端地址
3.实现两台web服务器记录真实客户端IP地址
(1)Nginx代理服务器配置
设备1,在proxy_pass后继续添加以下内容
- server {
- listen 80;
- server_name www.aabb.com;
- location / {
- proxy_pass http://192.168.2.191;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
- }
- server {
- listen 80;
- server_name www.llss.com;
- location / {
- proxy_pass http://192.168.2.193;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $http_x_forwarded_for;
- }
- }
设备2,修改nginx.conf文件,在index下方继续添加以下内容
- server {
- listen 80;
- server_name localhost;
- access_log logs/access.log;
- location / {
- root /usr/local/src/nginx-1.22.0/html;
- index index.html index.htm;
- set_real_ip_from 192.168.2.190; #此处填写你的nginx代理服务器的地址
- real_ip_header X-Forwarded-For;
- real_ip_recursive on;
- }
浏览器访问后设备2查看日志
通过浏览器访问传回虚拟机的这个访问地址是windows上的虚拟网卡VMnet8的地址
设备3做域名映射后访问设备2查看日志以进一步验证
- #修改/etc/hosts文件后查看
- [root@localhost ~]# tail -1 /etc/hosts
- 192.168.2.190 www.aabb.com
- [root@localhost ~]# curl www.aabb.com
- 191
(2)Apache类的web服务器
设备3,修改httpd.conf文件
- [root@localhost conf]# pwd
- /etc/httpd/conf
- [root@localhost conf]# vim httpd.conf
把原本这里的第一行LogFormat换成这个
- LogFormat "%{X-FORWARDED-FOR}i %h %l %u %t %r %>s %b %{Referer}i %{User-Agent}i" combined
- [root@localhost conf]# systemctl restart httpd.service
浏览器访问设备3进行测试
返回了真实地址和nginx代理服务器的真实地址
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/小蓝xlanll/article/detail/690072
推荐阅读
相关标签
