/ 中存储网

前端Varnish让后端Nginx获取访客真实ip的设置方法

2013-11-10 09:42:01 来源:IT技术网
 当使用varnish做前端缓存的时候,想要让后端nginx获取客户真实ip,其实方法跟nginx做前端让后端nginx获取客户的真实ip是差不多的,想了解nginx做前端让后端获取客户真实ip请看这篇文章nginx proxy获取用户真实ip.下面我们来看看varnish的做法.

系统:centos 5.9

环境:前端varnish

后端lnmp

1.先在前端服务器安装varnish

wget http://repo.varnish-cache.org/source/varnish-3.0.0.tar.gz

tar zxf varnish-3.0.0.tar.gz && cd varnish-3.0.0

./configure --prefix=/usr/local/varnish

make && make install

cp /usr/local/varnish/etc/varnish/default.vcl /usr/local/varnish/etc/varnish/default.vcl.old

vi /usr/local/varnish/etc/varnish/default.vcl

backend  www {  

.host = "blog.slogra.com";  

.port = "80";  

}  

#acl  

acl purge {  

"localhost";  

"127.0.0.1";  

"192.168.0.0"/24;  

}  

sub vcl_recv {  

if (req.http.Accept-Encoding) {  

if (req.url ~ ".(jpg|png|gif|jpeg|flv)$" ) {  

remove req.http.Accept-Encoding;  

remove req.http.Cookie;  

} else if (req.http.Accept-Encoding ~ "gzip") {  

set req.http.Accept-Encoding = "gzip";  

} else if (req.http.Accept-Encoding ~ "deflate") {  

set req.http.Accept-Encoding = "deflate";  

} else {  

remove req.http.Accept-Encoding;  

}  

}  

if (req.http.host ~  "(.*)slogra.com") {  

     set req.backend = www;  

}  

else {  

      error 404 "This website is maintaining or not exist!";  

}  

if (req.request == "PURGE") {  

if (!client.ip ~purge) {  

error 405 "Not Allowed";  

}  

#.dd.....  

return(lookup);  

}  

#...GET...url...jpg,png,gif. ..cookie  

if (req.request == "GET"&& req.url ~ ".(png|gif|jpeg|jpg|ico|swf|css|js|html|htm|gz|tgz|bz2|tbz|mp3|ogg|mp4|flv|f4v|pdf)$") {  

unset req.http.cookie;  

}  

#..GET...url.php....cache....  

if (req.request =="GET"&&req.url ~ ".php($|?)"){  

return (pass);  

}  

#   }  

#........pipe..  

if (req.request != "GET" &&  

req.request != "HEAD" &&  

req.request != "PUT" &&  

req.request != "POST" &&  

req.request != "TRACE" &&  

req.request != "OPTIONS" &&  

req.request != "DELETE") {  

return (pipe);  

}  

#..GET .HEAD.....  

if (req.request != "GET" && req.request != "HEAD") {  

return (pass);  

}  

if (req.http.Authorization) {  

return (pass);  

}  

return (lookup);  

}  

#..url+host hash......  

sub vcl_hash {  

hash_data(req.url);  

if (req.http.host) {  

hash_data(req.http.host);  

} else {  

hash_data(server.ip);  

}  

return (hash);  

}  

# .....purge .....  

sub vcl_hit {  

if (req.request == "PURGE") {  

set obj.ttl = 0s;  

error 200 "Purged";  

}  

return (deliver);  

}  

sub vcl_fetch {  

if (req.url ~ ".(jpeg|jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|ico|swf|flv|dmg|js|css|html|htm)$") {  

 set beresp.ttl = 2d;  

 set berespberesp.http.expires = beresp.ttl;  

 set beresp.http.Cache-Control = "max-age=172800";  

 unset beresp.http.set-cookie;  

}  

if (req.url ~ ".(dmg|js|css|html|htm)$") {  

 set beresp.do_gzip = true;  

}  

if (beresp.status == 503) {  

       set beresp.saintmode = 15s;  

}  

}  

sub vcl_deliver {  

set resp.http.x-hits = obj.hits ;  

if (obj.hits > 0) {  

set resp.http.X-Cache = "HIT You!";  

} else {  

set resp.http.X-Cache = "MISS Me!";  

}  

}  

2.修改varnish配置文件

vi /usr/local/varnish/etc/varnish/default.vcl

backend  www {  

.host = "blog.slogra.com";  

.port = "80";  

}  

#acl  

acl purge {  

"localhost";  

"127.0.0.1";  

"192.168.0.0"/24;  

}  

sub vcl_recv {  

remove req.http.X-real-ip;  

set req.http.X-real-ip = client.ip;  

set req.http.X-Forwarded-For = client.ip; 

if (req.http.Accept-Encoding) {  

if (req.url ~ ".(jpg|png|gif|jpeg|flv)$" ) {  

remove req.http.Accept-Encoding;  

remove req.http.Cookie;  

} else if (req.http.Accept-Encoding ~ "gzip") {  

set req.http.Accept-Encoding = "gzip";  

} else if (req.http.Accept-Encoding ~ "deflate") {  

set req.http.Accept-Encoding = "deflate";  

} else {  

remove req.http.Accept-Encoding;  

}  

}  

以下省略.

可以看到我在sub vcl_recv { 下添加3行语句

remove req.http.X-real-ip;  

set req.http.X-real-ip = client.ip;  

set req.http.X-Forwarded-For = client.ip; 

3.修改后端nginx配置

vi /etc/nginx/nginx.conf

在http选项配置中添加下面语句:

set_real_ip_from nginx_proxy_ip/24;

set_real_ip_from nginx_proxy_ip;

real_ip_header X-Real-IP;

例子:

set_real_ip_from 192.168.10.0/24;

set_real_ip_from 192.168.10.6;

real_ip_header X-Real-IP;

4.在后端网站中添加php文件

vi i.php

<?php

echo $_SERVER['REMOTE_ADDR'];