nginx accesses the project through the domain name (do not receive the project name), cookie loss problem details

Keywords: Nginx Web Server firewall Tomcat

Recently, I got a domain name. If I want to use it to directly access the project deployed on Tomcat, I have to add the project name at the beginning. After a short configuration, it succeeded. Visit once and arrive at the landing page. As a result, you can't log in. You have been logging in the interface all the time. It was originally due to the loss of cookie s. Now it is configured as follows to solve the problem perfectly:

server {
        listen       80;
        #listen       somename:8080;
        server_name www.XXX.cn;

        location / {
            proxy_pass http://IP:8080/projectName/;
            proxy_cookie_path /projectName/ /;
           proxy_set_header   Host    $host;
           proxy_set_header   X-Real-IP   $remote_addr;
           proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            #root   html;
            #index  index.html index.htm;
        }
        location /projectName/ {
           proxy_pass http://IP:8080/projectName/;
           proxy_cookie_path /projectName/ /;
           proxy_set_header   Host    $host;
           proxy_set_header   X-Real-IP   $remote_addr;
           proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
       }
    }

Proxy ﹐ cookie ﹐ path / projectName / /; is used to change the cookie path and solve the problem of cookie loss

When configuring domain name access applications, cookie loss often occurs. The reason is that the path of a common configuration cookie is (the address without proxy): http://IP:8080/projectName cookie path: / project

But in order to access the application without adding the project name, we set the location proxy address to /. So we need to change the path of the cookie. Syntax: proxy ﹣ cookie ﹣ path path replacement

Path is the path you need to replace, and replacement is the value you need to replace

proxy_set_header Host $host;       

The value of the host variable is obtained according to the following priority:

1. host in the request line
2. Host header in request header
3. server name matching a request

Clearly, there are three points. Take the one with the highest priority. In a literal sense, the selection process is: if there is host information in the request line, take the host in the request line as the host variable

Value (the host and host variables are not the same thing, which is very awkward); if there is no host information in the request line, the value of the host header in the request header is taken as the value of the host variable; if there is no previous two, then

Then the host variable is the service name that matches the request.

Proxy ﹣ set ﹣ header x-real-ip $remote ﹣ addr; used to obtain the real IP address of the user

The details are as follows:

After the reverse proxy, because an intermediate layer is added between the client and the web server, the web server cannot get the ip address of the client directly. The ip address of Nginx will be obtained through the $remote [addr variable,

But Nginx can get the user's real IP. That is to say, when Nginx gets the user's real IP through the $remote ﹣ addr variable, we need to assign

Value it, as the above configuration, Nginx assigns the user's real IP to X-Real-IP, and then gets the IP at the web side request.getAttribute("X-real-ip")

Proxy ﹣ set ﹣ header x-forwarded-for $proxy ﹣ add ﹣ x ﹣ forwarded ﹣ for getting the user's real IP address

Attached are the tools for acquiring IP:

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;

/**
 * Common tools for obtaining client information
 * 
 */
public final class NetworkUtil {

    /**
     * Get the IP address of the request host. If you enter through the proxy, get the real IP address through the firewall;
     * 
     * @param request
     * @return
     * @throws IOException
     */
    public final static String getIpAddress(HttpServletRequest request) throws IOException {
        // Obtain the IP address of the request host. If you enter through the proxy, obtain the real IP address through the firewall

        String ip = request.getHeader("X-Forwarded-For");

        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("Proxy-Client-IP");
            }
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("WL-Proxy-Client-IP");
            }
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("HTTP_CLIENT_IP");

            }
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("HTTP_X_FORWARDED_FOR");

            }
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getRemoteAddr();

            }
        } else if (ip.length() > 15) {
            String[] ips = ip.split(",");
            for (int index = 0; index < ips.length; index++) {
                String strIp = (String) ips[index];
                if (!("unknown".equalsIgnoreCase(strIp))) {
                    ip = strIp;
                    break;
                }
            }
        }
        return ip;
    }
}

 

Published 15 original articles, won praise and 10000 visitors+
Private letter follow

Posted by bundyxc on Wed, 04 Mar 2020 21:16:34 -0800

Hot Keywords

©2024 Programmer Group