利用nginx实现支付系统隐藏IP进行回调

之前开发了一套聚合支付系统——优米云支付https://pay.umistrong.com.cn/

虽然目前系统没有遭遇DDOS攻击,但是还是需要未雨绸缪,避免未来可能发生的攻击,对云服务器隐藏IP是有必要的。

我们都知道,网站前置CDN进行IP隐藏很容易,但是对于支付系统这类需要对商户网站进行回调,由于是用本系统发起对商户网站的http请求,自然会有IP暴露的问题。

实现隐藏IP有3个思路

方案1.使用apache的httpclient进行代理访问

    //设置代理IP、端口、协议(请分别替换)
    HttpHost proxy = new HttpHost("你的代理的IP", 8080, "http");

    //把代理设置到请求配置
    RequestConfig defaultRequestConfig = RequestConfig.custom()
            .setProxy(proxy)
            .build();

    //实例化CloseableHttpClient对象
    CloseableHttpClient httpclient = HttpClients.custom().setDefaultRequestConfig(defaultRequestConfig).build();

    //访问目标地址
    HttpGet httpGet = new HttpGet("http://www.baidu.com");

    //请求返回
    CloseableHttpResponse httpResp = httpclient.execute(httpGet);
    try {
        int statusCode = httpResp.getStatusLine().getStatusCode();
        if (statusCode == HttpStatus.SC_OK) {
            System.out.println("成功");
        }
    } catch (Exception e) {

    } finally {
        httpResp.close();
    }

第一种方案,需要在每个代理服务器安装代理软件,并且有多台代理时候,依赖支付系统内轮询做负载均衡。

方案2.开发扩展模块,支付系统调用扩展模块接口进行通信

第二种方案,扩展模块需要部署到每个代理服务器,假设扩展模块用java开发,就需要每台服务器安装JRE,也很麻烦,负载均衡可在支付系统做也可在扩展模块做。

方案3.使用nginx的反向代理,在java发起请求时候,自定义header携带网址参数,nginx端设置proxy_pass 使用获取到的header参数即可

第三种方案就简单了,依靠nginx自带的负载均衡,本文重点说的这个方案,非常灵活!!!

java代码部分,增加X-Target的header

URL url = new URL("hidden.com");
HttpURLConnection httpConn = (HttpURLConnection) url.openConnection();
httpConn.setRequestProperty("X-Target", requestUrl);//requestUrl为商户网站回调地址

hosts文件设置本地解析,支付系统和nginx负载均衡放同一服务器上

127.0.0.1 hidden.com

nginx负载均衡端配置underscores_in_headers必须开,否则nginx无法接收自定义header,proxy_set_header X-Target也要加,这个需要向下级nginx传递header,nginx获取自定义header的写法$http_前缀加上名称小写且中划线变成下划线,这里upstream我用了三台服务器,权重都是1,平均分配

http {
	underscores_in_headers on;
	
	upstream hidden.com {
		server 172.16.110.13:80 weight=1;
		server 172.16.110.12:80 weight=1;
		server 172.16.110.14:80 weight=1;
	}
	
	server {
        	listen       80;
        	server_name  hidden.com;

       	 	location / {
			proxy_set_header X-Target $http_x_target;
        		proxy_pass   http://hidden.com;
        	}
	}
}

nginx代理端配置, resolver一定要加,不然会出现502错误

	server {
        	listen       80;
        	server_name  hidden.com;
        	resolver     8.8.8.8;

        	location / {
           		 proxy_pass   $http_x_target;
        	}
	}

至此配置完成,后续增加代理服务器就很方便了,可以在负载均衡端增加节点,或者在代理服务器下继续传递X-Target,理论上是无限级传递。

“利用nginx实现支付系统隐藏IP进行回调”的9个回复

  1. I as well as my friends appeared to be viewing the great tips and hints from your web page and so immediately came up with a terrible feeling I never expressed respect to the blog owner for them. All the people are actually as a consequence very interested to read them and already have quite simply been taking advantage of those things. Thank you for actually being very considerate as well as for selecting variety of smart useful guides most people are really eager to be informed on. My personal sincere apologies for not expressing appreciation to sooner.

  2. I want to convey my appreciation for your kind-heartedness for men and women that actually need help on your concept. Your real commitment to getting the solution across came to be quite invaluable and have always helped women like me to get to their targets. Your own interesting tutorial can mean a lot a person like me and additionally to my office colleagues. Thanks a lot; from all of us.

  3. I and my friends came studying the best hints from your web page while suddenly I got a terrible suspicion I had not expressed respect to the blog owner for those strategies. Most of the boys are already warmed to study all of them and have in effect in actuality been using them. Thank you for simply being very accommodating as well as for opting for some wonderful themes millions of individuals are really eager to be informed on. Our sincere apologies for not expressing gratitude to sooner.

  4. I would like to voice my respect for your kindness giving support to visitors who really want help with the matter. Your real dedication to passing the message all around appears to be exceedingly powerful and have constantly helped some individuals much like me to attain their dreams. This warm and friendly useful information entails much a person like me and additionally to my office colleagues. Best wishes; from each one of us.

  5. I as well as my pals have already been looking at the excellent solutions found on the blog and so unexpectedly came up with a terrible suspicion I never thanked you for those strategies. The boys were as a result excited to learn them and have now in reality been enjoying those things. Appreciation for indeed being simply helpful as well as for considering variety of impressive subjects millions of individuals are really desperate to learn about. My personal sincere apologies for not expressing gratitude to you sooner.

  6. Thanks for all your effort on this site. My mother take interest in carrying out investigation and it is obvious why. Most of us hear all regarding the powerful method you make good tricks by means of your web blog and therefore recommend participation from other people on the situation and our own daughter has been becoming educated a whole lot. Enjoy the remaining portion of the year. You have been doing a good job.

  7. I would like to express thanks to you for rescuing me from this particular dilemma. Right after looking out through the online world and finding views which were not beneficial, I figured my entire life was gone. Existing without the answers to the issues you have solved by means of your post is a crucial case, as well as the kind which may have in a negative way affected my entire career if I hadn’t encountered your web page. Your primary understanding and kindness in playing with almost everything was excellent. I am not sure what I would have done if I had not come upon such a point like this. I can at this moment look ahead to my future. Thanks very much for your skilled and sensible guide. I won’t think twice to recommend your site to anybody who desires tips about this subject matter.

  8. I have to express my affection for your kindness for men who have the need for help with this particular niche. Your special dedication to getting the message around was extremely good and have constantly permitted girls much like me to attain their objectives. Your own valuable suggestions implies a lot a person like me and substantially more to my office colleagues. Thanks a lot; from all of us.

  9. I must get across my respect for your kindness for all those that really need help on this concern. Your special commitment to passing the message throughout appeared to be certainly significant and has all the time made regular people just like me to achieve their targets. This informative tips and hints indicates a lot a person like me and additionally to my peers. Best wishes; from each one of us.

发表评论

电子邮件地址不会被公开。 必填项已用*标注