Nginx获取自定义头部header的值
http://blog.csdn.net/xbynet/article/details/51899286?_t=t
http://shift-alt-ctrl.iteye.com/blog/2331455
http://blog.csdn.net/bao19901210/article/details/52537279
在参考了资料:
http://stackoverflow.com/questions/8393772/how-to-get-non-standard-http-headers-on-nginx
http://nginx.org/en/docs/http/ngx_http_core_module.html#underscores_in_headers
http://serverfault.com/questions/297225/nginx-passing-back-custom-header
https://easyengine.io/tutorials/nginx/forwarding-visitors-real-ip/
http://www.ttlsa.com/nginx/nginx-proxy_set_header/
后得到如下:
1、nginx是支持读取非nginx标准的用户自定义header的,但是需要在http或者server下开启header的下划线支持:
- underscores_in_headers on;
2、比如我们自定义header为X-Real-IP,通过第二个nginx获取该header时需要这样:
- $http_x_real_ip; (一律采用小写,而且前面多了个http_)
3、如果需要把自定义header传递到下一个nginx:
- 如果是在nginx中自定义采用proxy_set_header X_CUSTOM_HEADER $http_host;
- 如果是在用户请求时自定义的header,例如curl –head -H “X_CUSTOM_HEADER: foo” http://domain.com/api/test,则需要通过
proxy_pass_header X_CUSTOM_HEADER
来传递
注意nginx 1.11.x后的版本才支持 request_id 内置变量
示例:
http{ underscores_in_headers on;
upstream myServer {
server 127.0.0.1:8082;
}
server { listen 80; server_name localhost; location / { proxy_set_header Some-Thing $http_x_custom_header;; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://myServer; } } }
示例:
网络架构:
源站 <--> 1层nginx代理 <--> 2层nginx代理 <--> CDN <-->客户端
2层代理 nginx.conf
underscores_in_headers on; log_format main '$http_x_forwarded_for`$remote_addr`$proxy_add_x_forwarded_for`[$time_local]`"$request"`'
'$status`$body_bytes_sent`"$http_referer"`'
'"$http_user_agent"`"$request_time"`'
'$request_id`$upstream_response_time`$upstream_addr`$upstream_connect_time`$upstream_status';
2层代理站点配置:
location中设置 proxy_set_header
upstream pc_proxy_group_ssl {
ip_hash;
zone pc_proxy_group_ssl_up 1m;
server x.x.x.x:443 weight=10;
server x.x.x.x2:443 weight=10;
check interval=3000 rise=2 fall=5 timeout=2000 type=ssl_hello;
}
server {
listen 443 ssl;
server_name www.xx.com;
access_log logs/www.xx.com.access.log main;
ssl on;
ssl_certificate SSL_Certificate/xx.com/_.xx.com.cer;
ssl_certificate_key SSL_Certificate/xx.com/_.xx.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:WEAK112TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:FS256TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on; location / {
proxy_pass https://pc_proxy_group_ssl;
proxy_redirect default;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Request-ID $request_id; }
}
注意:
如果想把 proxy_set_header 设置在 http 块全部生效,那么,server块、location块中不能再出现 proxy_set_header,如果能则不继续
1层代理nginx.conf配置:
user nginx nginx;
worker_processes auto;
worker_cpu_affinity auto; error_log logs/error.log;
pid logs/nginx.pid;
worker_rlimit_nofile 65535; events {
use epoll;
worker_connections 65535;
} http {
## HttpGuard
lua_package_path "/etc/nginx/httpGuard/?.lua";
lua_shared_dict dict_system 10m;
lua_shared_dict dict_black 50m;
lua_shared_dict dict_white 50m;
lua_shared_dict dict_challenge 100m;
lua_shared_dict dict_byDenyIp 30m;
lua_shared_dict dict_byWhiteIp 30m;
lua_shared_dict dict_captcha 70m;
lua_shared_dict dict_others 30m;
lua_shared_dict dict_perUrlRateLimit 30m;
lua_shared_dict dict_needVerify 30m;
init_by_lua_file "/etc/nginx/httpGuard/init.lua";
access_by_lua_file "/etc/nginx/httpGuard/runtime.lua";
lua_max_running_timers 1; include mime.types;
default_type application/octet-stream;
log_format main '$http_x_forwarded_for`$remote_addr`$proxy_add_x_forwarded_for`[$time_local]`"$request"`'
'$status`$body_bytes_sent`"$http_referer"`'
'"$http_user_agent"`"$request_time"`'
'$http_x_request_id`$upstream_response_time`$upstream_addr`$upstream_connect_time`$upstream_status'; log_format access '$remote_addr`[$time_local]`"$request"`'
'$status`$body_bytes_sent`"$http_referer"`'
'"$http_user_agent"`"$http_x_forwarded_for"`'
'$http_x_request_id`$upstream_response_time`$upstream_addr`$upstream_connect_time`$upstream_status'; # proxy_ignore_client_abort on;
proxy_headers_hash_max_size 2048;
proxy_headers_hash_bucket_size 256;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 60;
server_tokens off;
proxy_hide_header X-Powered-By;
proxy_hide_header X-AspNet-Version; gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on; client_max_body_size 100m;
client_body_buffer_size 128k;
client_body_temp_path /dev/shm/client_body_temp;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
proxy_buffer_size 16k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /dev/shm/proxy_temp; map $http_x_forwarded_for $clientRealIp {
"" $remote_addr;
~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
} include /etc/nginx/conf.d/*.conf; }
1层代理站点配置:
upstream pc_proxy_group {
ip_hash;
zone pc_proxy_group_ssl_up 1m;
server x.x.x.x:8080 weight=10;
server x.x.x.x2:8080 weight=10;
check interval=3000 rise=2 fall=5 timeout=2000 type=http;
check_http_send "GET /do_not_delete/check.html HTTP/1.0\r\n\r\n";
} server {
listen 443 ssl;
server_name www.xx.com;
access_log logs/www.xx.com.access.log main;
ssl on;
ssl_certificate SSL_Certificate/xx.com/_.xx.com.cer;
ssl_certificate_key SSL_Certificate/xx.com/_.xx.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:WEAK112TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:FS256TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on; location / {
proxy_pass http://pc_proxy_group;
proxy_redirect default;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }
}
若源站为IIS,可使用IIS 高级日志记录获取httpd头 X-Request-ID,其他web容器通过其他方法获取请求ID
最新文章
- AI(Adobe Illustrator)简单入门——米老鼠
- Nuget-使用图形化界面打包自己的类库
- Controller中使用过滤器
- Bootstrap3.0学习第十八轮(JavaScript插件——下拉菜单)
- Storyboard里面的几种Segue区别和视图的切换
- Linux下的getline函数
- 多线程12-CyclicBarrier、CountDownLatch、Exchanger
- Orleans的集群构建
- Check whether a remote server port is open on Linux
- 51nod 1770 数数字
- struts2中的使用BaseAction获取Session
- abaqus 帮助文档 Substructure(子结构) 理论
- 计算机基础:计算机网络-chapter3
- MySQL主从介绍 准备工作 配置主 配置从 测试主从同步
- Tomcat配置Manager管理员
- VS2017断点调试UNITY2018.3 经常卡住的问题
- 【咸鱼教程】Egret可长按识别二维码(精确位置和大小)
- @meida 媒体查询
- Junit3.8源码--核心类
- RTSP服务端转发服务(live555库中的testH264VideoStreamer.cpp和testOnDemandRTSPServer.cpp实例)