request nginx 透传获取真实的ip

admin

nginx.conf配置:
) w5 D' E3 W2 \1 D0 `* B
location / {   
     proxy_pass http://127.0.0.1:8081/myweb/;  
$ G4 k" V9 L5 ?( K# n% S     proxy_redirect    off;  
     proxy_set_header  Host             $host;  
     proxy_set_header  X-Real-IP        $remote_addr;  
1 O- \+ N: O, e: l+ G* j1 R. q     proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;  
}  
! v; D! S: j( m, J( ?
后端获取方式:

; B  u! q5 v) x% z  l( Q, H/***
. i( X3 G; l) r8 x, H& m: j * 获取客户端IP地址;这里通过了Nginx获取;X-Real-IP,
- ~4 R. Z0 ]: }* G3 y$ u. i  I9 h# V * @param request
3 f9 M  V5 k5 x8 S7 Q * @return
*/  
public static String getClientIP(HttpServletRequest request) {  
    String fromSource = "X-Real-IP";  
    String ip = request.getHeader("X-Real-IP");  
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
        ip = request.getHeader("X-Forwarded-For");  
/ J- s$ e6 B" |2 I8 }6 E& S        fromSource = "X-Forwarded-For";  
    }  
1 k  e+ l* ]! F* n5 q8 y    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
        ip = request.getHeader("Proxy-Client-IP");  
        fromSource = "Proxy-Client-IP";  
/ u2 W. e) m' P* |    }  
7 H& k' J; R) [) u9 c6 V6 ^9 C    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
7 X9 y4 F% k: y- h4 I! x        ip = request.getHeader("WL-Proxy-Client-IP");  
9 `! V9 M8 N$ F  o6 a3 U$ v( s        fromSource = "WL-Proxy-Client-IP";  
    }  
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
1 D9 D; {3 ^# S8 S& |: d4 D! R        ip = request.getRemoteAddr();  
0 ]$ B; H& R; a2 |        fromSource = "request.getRemoteAddr";  
  J4 S. w  @0 g0 e  h( R    }  
    appLog.info("App Client IP: "+ip+", fromSource: "+fromSource);  
# n+ a, a: ?+ l* ^% |$ R# T    return ip;  
}  
( \- T9 D" V' [& t, H8 ]) J
7 ]5 A7 q' u; \* F  U这样就不会一直获取的是服务器的Ip了。

( Q/ S- y8 ]5 s
9 p) ?& Z3 n2 y' U4 O- B. u

admin

举个例子，Nginx 中的代理配置假如是这样配置的：
5 l# |( x" L% X
    location / {
        proxy_http_version 1.1;
( F  y& i9 E# C5 u/ M        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
2 e4 Q, J, R% M; M( ^' A        proxy_set_header Host $http_host;
; B# i# \8 t. k' @  o8 `/ Y        proxy_set_header X-NginX-Proxy true;
0 `2 @5 ]: q5 w( o  ]/ Z, u: `# ^        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://127.0.0.1:8080$request_uri;
6 ~$ r4 A0 j- b/ I3 W; z& p3 Z        proxy_redirect off;
/ u' K, U7 `- a8 w3 g9 ]( p8 C* _6 M  M    }
/ k! v) B( c5 d: L代理的配置中添加了一个自定义 header X-Real-IP，所以你可以在目标服务器中通过 X-Real-IP 这个 header 取到用户的真实 IP。
$ A' P* {) g5 [! X& R) f
0 I- Q* e" h% }4 I& X2 \9 S或者也可以通过取 X-Forwarded-For，这个 header 比较常见，一般的负载均衡器也会添加这个 header 以传递用户的真实 IP。