Nginx获取⾃定义头部header的值
后得到如下:
1、nginx是⽀持读取⾮nginx标准的⽤户⾃定义header的,但是需要在http或者server下开启header的下划线⽀持:
underscores_in_headers on;
2、⽐如我们⾃定义header为X-Real-IP,通过第⼆个nginx获取该header时需要这样:
$http_x_real_ip; (⼀律采⽤⼩写,⽽且前⾯多了个http_)3、如果需要把⾃定义header传递到下⼀个nginx:
如果是在nginx中⾃定义采⽤proxy_set_header X_CUSTOM_HEADER $http_host;
如果是在⽤户请求时⾃定义的header,例如curl –head -H “X_CUSTOM_HEADER: foo” ,则需要通过proxy_pass_header X_CUSTOM_HEADER来传递
注意nginx 1.11.x后的版本才⽀持 request_id 内置变量 ⽰例:
http{
underscores_in_headers on; upstream myServer { server 127.0.0.1:8082; }
server { listen 80; server_name localhost; location / { proxy_set_header Some-Thing $http_x_custom_header;; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://myServer; } } }
⽰例: ⽹络架构:
源站 <--> 1层nginx代理 <--> 2层nginx代理 <--> CDN <-->客户端
2层代理 nginx.conf
underscores_in_headers on;
log_format main '$http_x_forwarded_for`$remote_addr`$proxy_add_x_forwarded_for`[$time_local]`\"$request\"`' '$status`$body_bytes_sent`\"$http_referer\"`' '\"$http_user_agent\"`\"$request_time\"`'
'$request_id`$upstream_response_time`$upstream_addr`$upstream_connect_time`$upstream_status';
2层代理站点配置:
location中设置 proxy_set_header
upstream pc_proxy_group_ssl { ip_hash;
zone pc_proxy_group_ssl_up 1m; server x.x.x.x:443 weight=10; server x.x.x.x2:443 weight=10;
check interval=3000 rise=2 fall=5 timeout=2000 type=ssl_hello;}
server {
listen 443 ssl;
server_name www.xx.com;
access_log logs/www.xx.com.access.log main; ssl on;
ssl_certificate SSL_Certificate/xx.com/_.xx.com.cer; ssl_certificate_key SSL_Certificate/xx.com/_.xx.com.key; ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:WEAK112TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:FS256TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA- ssl_prefer_server_ciphers on;
location / {
proxy_pass https://pc_proxy_group_ssl; proxy_redirect default;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Request-ID $request_id; }}
注意:
如果想把 proxy_set_header 设置在 http 块全部⽣效,那么,server块、location块中不能再出现 proxy_set_header,如果能则不继续
1层代理nginx.conf配置:
user nginx nginx;
worker_processes auto;worker_cpu_affinity auto;
error_log logs/error.log;pid logs/nginx.pid;worker_rlimit_nofile 65535;events { use epoll;
worker_connections 65535;}
http {
## HttpGuard
lua_package_path \"/etc/nginx/httpGuard/?.lua\"; lua_shared_dict dict_system 10m; lua_shared_dict dict_black 50m; lua_shared_dict dict_white 50m;
lua_shared_dict dict_challenge 100m; lua_shared_dict dict_byDenyIp 30m; lua_shared_dict dict_byWhiteIp 30m; lua_shared_dict dict_captcha 70m; lua_shared_dict dict_others 30m;
lua_shared_dict dict_perUrlRateLimit 30m; lua_shared_dict dict_needVerify 30m;
init_by_lua_file \"/etc/nginx/httpGuard/init.lua\";
access_by_lua_file \"/etc/nginx/httpGuard/runtime.lua\"; lua_max_running_timers 1;
include mime.types;
default_type application/octet-stream;
log_format main '$http_x_forwarded_for`$remote_addr`$proxy_add_x_forwarded_for`[$time_local]`\"$request\"`' '$status`$body_bytes_sent`\"$http_referer\"`' '\"$http_user_agent\"`\"$request_time\"`'
'$http_x_request_id`$upstream_response_time`$upstream_addr`$upstream_connect_time`$upstream_status'; log_format access '$remote_addr`[$time_local]`\"$request\"`' '$status`$body_bytes_sent`\"$http_referer\"`' '\"$http_user_agent\"`\"$http_x_forwarded_for\"`'
'$http_x_request_id`$upstream_response_time`$upstream_addr`$upstream_connect_time`$upstream_status';# proxy_ignore_client_abort on;
proxy_headers_hash_max_size 2048; proxy_headers_hash_bucket_size 256; sendfile on; tcp_nopush on; tcp_nodelay on;
keepalive_timeout 60; server_tokens off;
proxy_hide_header X-Powered-By; proxy_hide_header X-AspNet-Version;
gzip on;
gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on;
client_max_body_size 100m; client_body_buffer_size 128k;
client_body_temp_path /dev/shm/client_body_temp; proxy_connect_timeout 600; proxy_read_timeout 600; proxy_send_timeout 600; proxy_buffer_size 16k; proxy_buffers 32 32k;
proxy_busy_buffers_size k; proxy_temp_file_write_size k;
proxy_temp_path /dev/shm/proxy_temp;
map $http_x_forwarded_for $clientRealIp { \"\" $remote_addr;
~^(?P[0-9\\.]+),?.*$ $firstAddr; }include /etc/nginx/conf.d/*.conf;}
1层代理站点配置:
upstream pc_proxy_group { ip_hash;
zone pc_proxy_group_ssl_up 1m; server x.x.x.x:8080 weight=10; server x.x.x.x2:8080 weight=10;
check interval=3000 rise=2 fall=5 timeout=2000 type=http;
check_http_send \"GET /do_not_delete/check.html HTTP/1.0\\r\\n\\r\\n\";
}
server {
listen 443 ssl;
server_name www.xx.com;
access_log logs/www.xx.com.access.log main; ssl on;
ssl_certificate SSL_Certificate/xx.com/_.xx.com.cer; ssl_certificate_key SSL_Certificate/xx.com/_.xx.com.key; ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:WEAK112TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:FS256TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA- ssl_prefer_server_ciphers on;
location / {
proxy_pass http://pc_proxy_group; proxy_redirect default;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }}
若源站为IIS,可使⽤IIS ⾼级⽇志记录获取httpd头 X-Request-ID,其他web容器通过其他⽅法获取请求ID