odoo nginx反向代理后获取真实IP详解程序员

odoo官方对nginx代理的设置方式如下:

Configuration sample

Redirect http requests to https
Proxy requests to odoo
in /etc/odoo.conf set:

proxy_mode = True 

in /etc/nginx/sites-enabled/odoo.conf set:

#odoo server 
upstream odoo { 
 server 127.0.0.1:8069; 
} 
upstream odoochat { 
 server 127.0.0.1:8072; 
} 
 
# http -> https 
server { 
   listen 80; 
   server_name odoo.mycompany.com; 
   rewrite ^(.*) https://$host$1 permanent; 
} 
 
server { 
 listen 443; 
 server_name odoo.mycompany.com; 
 proxy_read_timeout 720s; 
 proxy_connect_timeout 720s; 
 proxy_send_timeout 720s; 
 
 # Add Headers for odoo proxy mode 
 proxy_set_header X-Forwarded-Host $host; 
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
 proxy_set_header X-Forwarded-Proto $scheme; 
 proxy_set_header X-Real-IP $remote_addr; 
 
 # SSL parameters 
 ssl on; 
 ssl_certificate /etc/ssl/nginx/server.crt; 
 ssl_certificate_key /etc/ssl/nginx/server.key; 
 ssl_session_timeout 30m; 
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 
 ssl_prefer_server_ciphers on; 
 
 # log 
 access_log /var/log/nginx/odoo.access.log; 
 error_log /var/log/nginx/odoo.error.log; 
 
 # Redirect longpoll requests to odoo longpolling port 
 location /longpolling { 
 proxy_pass http://odoochat; 
 } 
 
 # Redirect requests to odoo backend server 
 location / { 
   proxy_redirect off; 
   proxy_pass http://odoo; 
 } 
 
 # common gzip 
 gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript; 
 gzip on; 
} 

个人说明:

按照上述配置完成后可以测试一下:

from odoo.addons.web.controllers import main 
from odoo.http import request 
from odoo.exceptions import Warning 
import odoo 
import odoo.modules.registry 
from odoo.tools.translate import _ 
from odoo import http 
import logging 
logging.basicConfig(level=logging.INFO) 
 
 
class Home(main.Home): 
 
    @http.route('/web/login', type='http', auth="public") 
    def web_login(self, redirect=None, **kw): 
        #该方法可以在用户登录时抓取用户的IP地址 
          ip_address = request.httprequest.environ['REMOTE_ADDR'] 
          logging.info('ip_address:{}'.format(ip_address)) 

nginx配置补充:

在nginx中配置的表头信息,都可以在request.httprequest.environ中获取到,比如下方设置的表头信息,

 proxy_set_header X-Forwarded-Host $host; 
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
 proxy_set_header X-Forwarded-Proto $scheme; 
 proxy_set_header X-Real-IP $remote_addr; 

另外在服务端的打印日志,仍然不会显示真实的IP地址,可以参考下方链接修改:

IT虾米网

原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/tech/aiops/1587.html

(0)
上一篇 2021年7月15日 23:13
下一篇 2021年7月15日 23:13

相关推荐

发表回复

登录后才能评论