As a high-performance reverse proxy server, Nginx is widely used in load balancing, caching, HTTPS terminal proxying and other scenarios of Web services. As a reverse proxy server, Nginx not only forwards requests, but also needs to handle the transfer of the request header information. During the proxy process, how to process and forward HTTP header information is crucial to ensuring the correctness of the request, the security of the response, and the user experience.
1. Overview of the working principle of Nginx agent
When Nginx is a reverse proxy server, it is responsible for receiving requests from the client and forwarding the requests to the application server in the background (such as web servers, API servers, etc.). In this process, Nginx not only needs to forward the requested URL and body (Body), but also needs to process and pass the HTTP request header accordingly.
When Nginx forwards a request to a backend server, it is often necessary to modify, add, or delete certain header information. This is because some header information (such as client IP address, original request header, etc.) needs to be kept as it is when passed to the backend, while some headers (such asHost、Connection、Transfer-Encodingetc.) It needs to be modified or removed to ensure that the backend server can handle the request normally.
1.1 Nginx interaction with backend server
The interaction process between Nginx and the backend server is usually done through proxy instructions.proxy_passCome and finish. The request will be sent to the specified address of the backend server, and Nginx will process the forwarding of the request header. For example:
location /api/ {
proxy_pass http://backend_servers;
}
In the above configuration,proxy_passThe instruction forwards the client request to the namebackend_serversbackend server pool. Nginx will use the client requested header information (such asUser-Agent、Authorizationetc.) Pass to the backend server.
2. The delivery mechanism of Nginx proxy header
Nginx automatically passes certain header information to the backend server when proxying requests, but some specific header information can also be modified or added through configuration. Nginx's proxy header delivery is mainly controlled by the following aspects:
2.1 Default proxy header delivery
When Nginx is configured with reverse proxy, by default, it forwards the following HTTP request headers to the backend server:
-
Host: The requested
HostThe header indicates the requested domain name. - User-Agent: Client's browser information.
- Accept-Encoding: The compression method supported by the client.
- Accept-Language: The language settings of the client.
- Referer: The source of the page where the request was initiated.
- Cookie: Cookie information from the client.
2.2 Common header information delivery configurations
In actual production environments, we usually need to adjust the delivery of HTTP headers according to our needs. Nginx provides some instructions to modify or add header information. Common instructions include:
-
proxy_set_header: Used to set the proxy request header, you can add or modify the content of the request header. -
proxy_pass_request_headers: Used to control whether to forward the request header to the backend server, which is enabled by default. -
proxy_pass_request_body: Used to control whether the request body is passed to the backend server.
2.3 proxy_set_header instruction
proxy_set_headerDirectives are used to modify the HTTP header information carried by Nginx forwarding requests. For example, it is usually necessary to pass the original IP address of the client to the backend server, which can be usedX-Real-IPandX-Forwarded-ForThe header passes the client's IP address.
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://backend_servers;
}
In the above configuration:
-
X-Real-IP: Pass the client's real IP address to the backend server. -
X-Forwarded-For: Pass all IP addresses in the request chain to the backend server, which is usually used to track the source IP of the request. -
X-Forwarded-Proto: Pass the protocol used by the request (HTTP or HTTPS) to the backend.
In this way, the backend server can obtain accurate client information and make corresponding processing.
2.4 Common application scenarios of proxy_set_header instruction
Passing of client IP: In load balancing or proxy scenarios, the backend server usually cannot obtain the client's real IP address because the request passes through the Nginx proxy. pass
proxy_set_headerset upX-Real-IPandX-Forwarded-For, the IP address of the client can be passed to the backend.Maintain agreement consistency: For HTTPS and HTTP requests, Nginx can pass
X-Forwarded-ProtoThe header tells the backend which protocol is used to request it, so that the backend can handle the request according to the protocol.Revise
HostHeader: In some cases, Nginx may need to modify the passed to the backendHostThe header, especially in a multi-virtual host environment, Nginx needs to forward the request to a different backend server. Can be passedproxy_set_header HostTo specify the target host name.
2.5 proxy_pass_request_headers and proxy_pass_request_body
By default, Nginx forwards the request header and the request body to the backend server, but in some cases we may need to disable forwarding of the request header or the request body. passproxy_pass_request_headersandproxy_pass_request_bodyInstructions can control this behavior.
proxy_pass_request_headers: This command controls whether to forward the request header to the backend server, default ison. If set tooff, Nginx will not forward the request's header.
location / {
proxy_pass_request_headers off;
proxy_pass http://backend_servers;
}
proxy_pass_request_body: This instruction controls whether to pass the request body to the backend server. Usually when processing GET requests, Nginx passes the request body, but you can use this directive if you need to disable the request body delivery.
location / {
proxy_pass_request_body off;
proxy_pass http://backend_servers;
}
3. Frequently Asked Questions and Solutions in Proxy Header Transmission
3.1 Client IP cannot be delivered correctly
When proxy requests, Nginx will be replaced by default.X-Real-IPandX-Forwarded-ForHead. If not configured correctly, the backend server may not be able to obtain the client's real IP address. The solution is to useproxy_set_headerInstructions to pass the real client IP:
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
3.2 Host head delivery is incorrect
Sometimes, the backend server may need to receive the correct oneHostHeader, especially in the case of multiple virtual hosts. ifHostThe header is not passed correctly, and the backend server may not be able to correctly resolve the requested domain name. Can be usedproxy_set_headerTo modify or setHostHead:
proxy_set_header Host $host;
3.3 The request header is lost
Some headers may be lost during forwarding, especially when dealing with themConnection、Transfer-EncodingWhen waiting for the head. The solution is to ensure that when proxying, the critical headers are not deleted or modified. passproxy_set_headerIt can ensure that the required head is passed.
3.4 Security issues
In some cases, malicious clients may forge header information (e.g.X-Forwarded-For). To avoid this security risk, strict access control should be performed on Nginx to ensure that only trusted proxy servers can modify these headers.
4. Summary
As a reverse proxy server, Nginx's proxy header delivery mechanism is very critical. When dealing with complex Web service architectures, how to reasonably configure and pass HTTP request headers directly affect the correctness and performance of the backend server. Through reasonable configurationproxy_set_header、proxy_pass_request_headersandproxy_pass_request_bodyNginx can ensure that the header information requested by the client is correctly and completely passed to the back-end server, thus making the entire Web service system more efficient and stable.
This is the end of this article about the implementation of Nginx agent header delivery. For more related contents of Nginx agent header delivery, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!