varnish前端让后端nginx获取客户真实ip

当使用varnish做前端缓存的时候,想要让后端nginx获取客户真实ip,其实方法跟nginx做前端让后端nginx获取客户的真实ip是差不多的,想了解nginx做前端让后端获取客户真实ip请看这篇文章nginx
proxy获取用户真实ip.下面我们来看看varnish的做法.

系统:centos 5.9

环境:前端varnish

后端lnmp

1.先在前端服务器安装varnish

wget http://repo.varnish-cache.org/source/varnish-3.0.0.tar.gz
tar zxf varnish-3.0.0.tar.gz && cd varnish-3.0.0

./configure --prefix=/usr/local/varnish

make && make install

cp /usr/local/varnish/etc/varnish/default.vcl /usr/local/varnish/etc/varnish/default.vcl.old

vi /usr/local/varnish/etc/varnish/default.vcl

backend www {

.host = "blog.slogra.com";

.port = "80";

}

#acl

acl purge {

"localhost";

"127.0.0.1";

"192.168.0.0"/24;

}

sub vcl_recv {

if (req.http.Accept-Encoding) {

if (req.url ~ "\.(jpg|png|gif|jpeg|flv)$" ) {

remove req.http.Accept-Encoding;

remove req.http.Cookie;

} else if (req.http.Accept-Encoding ~ "gzip") {

set req.http.Accept-Encoding = "gzip";

} else if (req.http.Accept-Encoding ~ "deflate") {

set req.http.Accept-Encoding = "deflate";

} else {

remove req.http.Accept-Encoding;

}

}

if (req.http.host ~ "(.*)slogra.com") {

set req.backend = www;

}

else {

error 404 "This website is maintaining or not exist!";

}

if (req.request == "PURGE") {

if (!client.ip ~purge) {

error 405 "Not Allowed";

}

#.dd.....

return(lookup);

}

#...GET...url...jpg,png,gif. ..cookie

if (req.request == "GET"&& req.url ~ "\.(png|gif|jpeg|jpg|ico|swf|css|js|html|htm|gz|tgz|bz2|tbz|mp3|ogg|mp4|flv|f4v|pdf)$") {

unset req.http.cookie;

}

#..GET...url.php....cache....

if (req.request =="GET"&&req.url ~ "\.php($|\?)"){

return (pass);

}

# }

#........pipe..

if (req.request != "GET" &&

req.request != "HEAD" &&

req.request != "PUT" &&

req.request != "POST" &&

req.request != "TRACE" &&

req.request != "OPTIONS" &&

req.request != "DELETE") {

return (pipe);

}

#..GET .HEAD.....

if (req.request != "GET" && req.request != "HEAD") {

return (pass);

}

if (req.http.Authorization) {

return (pass);

}

return (lookup);

}

#..url+host hash......

sub vcl_hash {

hash_data(req.url);

if (req.http.host) {

hash_data(req.http.host);

} else {

hash_data(server.ip);

}

return (hash);

}

# .....purge .....

sub vcl_hit {

if (req.request == "PURGE") {

set obj.ttl = 0s;

error 200 "Purged";

}

return (deliver);

}

sub vcl_fetch {

if (req.url ~ "\.(jpeg|jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|ico|swf|flv|dmg|js|css|html|htm)$") {

set beresp.ttl = 2d;

set berespberesp.http.expires = beresp.ttl;

set beresp.http.Cache-Control = "max-age=172800";

unset beresp.http.set-cookie;

}

if (req.url ~ "\.(dmg|js|css|html|htm)$") {

set beresp.do_gzip = true;

}

if (beresp.status == 503) {

set beresp.saintmode = 15s;

}

}

sub vcl_deliver {

set resp.http.x-hits = obj.hits ;

if (obj.hits > 0) {

set resp.http.X-Cache = "HIT You!";

} else {

set resp.http.X-Cache = "MISS Me!";

}

}

2.修改varnish配置文件

vi /usr/local/varnish/etc/varnish/default.vcl

backend www {

.host = "blog.slogra.com";

.port = "80";

}

#acl

acl purge {

"localhost";

"127.0.0.1";

"192.168.0.0"/24;

}

sub vcl_recv {

remove req.http.X-real-ip;

set req.http.X-real-ip = client.ip;

set req.http.X-Forwarded-For = client.ip;

if (req.http.Accept-Encoding) {

if (req.url ~ "\.(jpg|png|gif|jpeg|flv)$" ) {

remove req.http.Accept-Encoding;

remove req.http.Cookie;

} else if (req.http.Accept-Encoding ~ "gzip") {

set req.http.Accept-Encoding = "gzip";

} else if (req.http.Accept-Encoding ~ "deflate") {

set req.http.Accept-Encoding = "deflate";

} else {

remove req.http.Accept-Encoding;

}

}

以下省略.

可以看到我在sub vcl_recv { 下添加3行语句

remove req.http.X-real-ip;

set req.http.X-real-ip = client.ip;

set req.http.X-Forwarded-For = client.ip;

3.修改后端nginx配置

vi /etc/nginx/nginx.conf

在http选项配置中添加下面语句:

set_real_ip_from nginx_proxy_ip/24;

set_real_ip_from nginx_proxy_ip;

real_ip_header X-Real-IP;

例子:

set_real_ip_from 192.168.10.0/24;

set_real_ip_from 192.168.10.6;

real_ip_header X-Real-IP;

4.在后端网站中添加php文件

vi i.php

<?php

echo $_SERVER['REMOTE_ADDR'];