session和ip地址有hash关系,尤其在内外网替换不完全的时候,比如退出使用192.168.13.99/hb_phonebank_web/logout,
登录使用http://116.236.184.238:8006/hb_phonebank_web/,这时session对不上,明显的就是退出没有清掉,重新登录没有
换用户名
外网前端请求的要是外网地址(使用端能访问的地址),之后nginx再转为内网,upstream是nginx内部用的,nginx的装机地址才是外网要映射的地址
外网开映射:
116.236.184.238:8006 ---》 192.168.13.99:80
116.236.184.238:8007 ---》 192.168.13.99:8126
nginx实现:
外网 内网
服务端:http://116.236.184.238:8006/hb_phonebank_web/ ----》 http://192.168.13.99/hb_phonebank_web/
静态页面:http://116.236.184.238:8007/dashboard ----》 http://192.168.13.99:8126/dashboard
外网这种用端口映射的时候,可能会出现退出的时候丢失了端(http://116.236.184.238/hb_phonebank_web/ ),内网80可以省略所以没有问题,nginx 需配置proxy_set_header Host $http_host;
$host不能再用
nginx 配置:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
proxy_buffer_size 128k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
client_header_buffer_size 64k;
large_client_header_buffers 4 64k;
# include /etc/nginx/conf.d/*.conf;
upstream 116.236.184.238 {
ip_hash;
server 192.168.13.97:8080;
server 192.168.13.99:8080;
}
server {
listen 80;//本机地址的80,192.168.13.99:80
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
proxy_read_timeout 300;
proxy_pass http://116.236.184.238;
# proxy_set_header Host $host;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 8126;
server_name localhost;
location / {
root /home/distph;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location /hb_phonebank_web {
client_max_body_size 10M;
proxy_pass http://116.236.184.238;
proxy_redirect off;
#proxy_set_header Host $host;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
}
}
shrio配置:
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login" />
<!--<property name="successUrl" value="/login/auth" />-->
<property name="successUrl" value="http://116.236.184.238:8007/" />
<property name="unauthorizedUrl" value="/login" />
<property name="filterChainDefinitionMap" ref="chainDefinitionSectionMetaSource" />
<property name="filters">
<map>
<entry key="authc" value-ref="authenticationFilter" />
<entry key="role" value-ref="roleAuthorizationFilter" />
</map>
</property>
</bean>
退出的时候,也换成http://116.236.184.238:8006/hb_phonebank_web/logout