nginx多层反代配置变量proxy_set

nginx多层反代配置变量proxy_set_header

Nginx多层反代配置变量proxy_set_header过程记录

第一层代理：

（1）路径：

$ vim /data/soft/nginx/conf/vhost/xixi.conf

（2）内容：（注:此处变量名需中划线。）

server {

listen 80;

server_name api.xxx.com api.yyyy.com api.cun.com;

access_log /log/nginx/xiaojicdn.api.log main;

root /data/www/pay/;

location /member {

proxy_intercept_errors on;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header real-remote $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://member.srv;

}

location /discount {

proxy_intercept_errors on;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header real-remote $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://discount.srv;

}

location /pay {

proxy_intercept_errors on;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header real-remote $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://pay.srv;

}

location /agent {

proxy_intercept_errors on;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header real-remote $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://agent.srv;

}

location =/pay.html {

expires 10s;

}

location =/ {

index index.html payment.html;

}

error_page 404 /404.html;

error_page 500 502 503 504 /500.html;

location = /500.html {

default_type application/json;

add_header Content-Type 'application/json; charset=utf-8';

return 200 '{"status":2, "msg":"Server Error!"}';

}

location = /404.html {

default_type application/json;

add_header Content-Type 'application/json; charset=utf-8';

return 200 '{"status":2, "msg":"Request Uri Not Found!"}';

}

第二层代理：

（1）路径：

$ vim /data/soft/nginx/conf/vhost/xixi.conf

（2）内容：（注:此处变量获取需加http头，并且中划线要变为下划线。）

server {

listen 5675;

server_name m.ttcn.com m.xxy.com api.xxx.com api.xxg.com api.ren.com;

access_log /log/nginx/xiaoji.game.api.log main;

location /member {

proxy_intercept_errors on;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $http_real_remote;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://member.srv;

}

location /discount {

proxy_intercept_errors on;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $http_real_remote;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://discount.srv;

}

location /pay {

proxy_intercept_errors on;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $http_real_remote;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://pay.srv;

}

location /agent {

proxy_intercept_errors on;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $http_real_remote;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://agent.srv;

}

error_page 404 /404.html;

error_page 500 502 503 504 /500.html;

location = /500.html {

default_type application/json;

add_header Content-Type 'application/json; charset=utf-8';

return 200 '{"status":2, "msg":"Server Error!"}';

}

location = /404.html {

default_type application/json;

add_header Content-Type 'application/json; charset=utf-8';

return 200 '{"status":2, "msg":"Request Uri Not Found!"}';

}

（3）路径：

$ vim /data/soft/nginx/conf/nginx.conf

（4）内容：

user root;

worker_processes 8;

worker_rlimit_nofile 65535;

worker_cpu_affinity auto;

daemon on;

error_log /log/nginx/error.log error;

pid /log/nginx/nginx.pid;

events {

use epoll;

worker_connections 65535;

}

http {

include mime.types;

include upstream.conf;

default_type text/plain;

### core

charset utf-8;

server_names_hash_bucket_size 128;

server_names_hash_max_size 512;

connection_pool_size 512;

server_tokens off;

chunked_transfer_encoding on;

### tcp/socket/DDOS

sendfile on;

tcp_nopush on;

tcp_nodelay on;

client_body_timeout 15s;

client_header_timeout 15s;

send_timeout 15s;

resolver_timeout 5s;

keepalive_requests 500;

keepalive_timeout 45s;

### open file

open_file_cache max=60000 inactive=60s;

open_file_cache_valid 60s;

open_file_cache_min_uses 1;

open_file_cache_errors on;

### client buffer

client_header_buffer_size 4k;

large_client_header_buffers 8 16k;

ignore_invalid_headers on;

client_body_buffer_size 16k;

client_max_body_size 10m;

client_body_temp_path client_body_temp;

### response config

output_buffers 4 32k;

### gzip

gzip on;

gzip_http_version 1.1;

gzip_disable "msie6";

gzip_comp_level 5;

gzip_min_length 100;

gzip_proxied any;

gzip_buffers 16 4k;

gzip_vary on;

# gzip types

gzip_types text/plain;

gzip_types text/css;

gzip_types application/javascript;

gzip_types application/json;

gzip_types application/vnd.ms-fontobject;

gzip_types application/x-font-ttf;

gzip_types font/opentype;

gzip_types image/svg+xml;

gzip_types image/x-icon;

### proxy cache

proxy_connect_timeout 5;

proxy_read_timeout 30;

proxy_send_timeout 10;

proxy_http_version 1.1;

proxy_request_buffering on;

proxy_buffering on;

proxy_buffer_size 4k;

proxy_buffers 32 4k;

proxy_busy_buffers_size 16k;

proxy_max_temp_file_size 1024m;

proxy_temp_file_write_size 32k;

proxy_ignore_client_abort off;

proxy_intercept_errors on;

proxy_limit_rate 0;

proxy_pass_request_body on;

proxy_pass_request_headers on;

proxy_next_upstream error timeout http_502;

#proxy_cache proxy_cache1;

proxy_cache off;

proxy_cache_key $scheme$proxy_host$request_uri;

proxy_cache_lock_age 5s;

proxy_cache_lock_timeout 5s;

proxy_cache_methods GET HEAD;

proxy_cache_min_uses 1;

proxy_cache_valid 200 302 1m;

proxy_cache_valid 301 1h;

proxy_cache_valid any 1m;

proxy_cache_path /log/nginx/proxy_cache levels=1:2 keys_zone=proxy_cache1:4096m inactive=60s max_size=4g;

proxy_temp_path /log/nginx/proxy_cache_tmp;

### connection limit

#limit_conn_zone $binary_remote_addr zone=perip:100m;

#limit_conn_status 503;

#limit_conn_log_level error;

#limit_conn perip 6;

### request limit

#limit_req_zone $binary_remote_addr zone=pereq:200m rate=2r/s;

#limit_req zone=pereq burst=5 nodelay;

#limit_req_log_level error;

#limit_req_status 503;

### limit response

#limit_rate 4k;

#limit_rate_after 500k;

### log format

log_format main escape=json

'{"nx_localtime@timestamp":"$time_local",'

'"nx_host":"$server_addr",'

'"nx_client_ip":"$http_real_remote",'

'"nx_body_size":$body_bytes_sent,'

'"nx_request_time":$request_time,'

'"nx_scheme":"$scheme",'

'"nx_http_host":"$host",'

'"nx_request_method":"$request_method",'

'"nx_uri":"$uri",'

'"nx_status":$status,'

'"nx_referer":"$http_referer",'

'"nx_agent":"$http_user_agent",'

'"nx_upstream_host":"$upstream_addr",'

'"nx_upstream_time":$upstream_response_time,'

'"nx_upstream_response_length":$upstream_response_length,'

'"nx_upstream_status":$upstream_status,'

'"nx_upstream_connect_time":$upstream_connect_time}';

open_log_file_cache max=1000 inactive=60s min_uses=1 valid=60s;

access_log off;

#access_log /log/nginx/access.log main buffer=1M gzip=4 flush=5m;

log_not_found on;

### forbit ip access

server {

listen 80 default;

server_name _;

return 404;

}

include vhost/*.conf;

}

（5）查看日志内容：

则client_ip为真是的远程客户端访问ip，而不是第一层代理或者第一层代理和远程客户端两个IP了。