request nginx 透传获取真实的ip

admin

nginx.conf配置:

location / {   
     proxy_pass http://127.0.0.1:8081/myweb/;  
+ _; z% }4 a$ \9 o     proxy_redirect    off;  
     proxy_set_header  Host             $host;  
6 W& ?+ b$ @6 U& p& g     proxy_set_header  X-Real-IP        $remote_addr;  
) Z3 P# H# o/ d/ R$ r     proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;  
5 `; a' [, r# P2 X1 ~. I& y}  

; |9 P; D  {  d0 E3 O后端获取方式:
5 G/ ^8 e; P. S; t0 L' C7 {. e
+ q; w1 o, k+ }6 r! A1 D8 B9 `3 x/***
4 i8 C$ i: H% A, E * 获取客户端IP地址;这里通过了Nginx获取;X-Real-IP,
* @param request
* @return
6 h1 |/ A) l8 M */  
5 ~6 ?3 H8 J$ y, J7 ^9 C8 o# qpublic static String getClientIP(HttpServletRequest request) {  
5 z& Q8 C) C7 u. d; K    String fromSource = "X-Real-IP";  
6 L; ^8 l$ r/ n& ^2 u    String ip = request.getHeader("X-Real-IP");  
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
        ip = request.getHeader("X-Forwarded-For");  
        fromSource = "X-Forwarded-For";  
0 H" c0 S" r9 S$ B$ R5 F$ L    }  
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
3 @) R8 X% [8 O' I! i        ip = request.getHeader("Proxy-Client-IP");  
5 R6 ?7 Y- P1 w. f        fromSource = "Proxy-Client-IP";  
! Z7 o0 [  O! @; s% j2 y3 M    }  
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
5 P4 p1 Q4 X2 z) l8 p. q        ip = request.getHeader("WL-Proxy-Client-IP");  
        fromSource = "WL-Proxy-Client-IP";  
  U) S+ s8 [" G/ Y# |% a$ w% T4 {( ^    }  
+ s6 o9 v+ n: m    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
# |: J' b7 r/ G        ip = request.getRemoteAddr();  
; r4 N% y7 V  C2 C2 m2 w. f# v( y; Z        fromSource = "request.getRemoteAddr";  
    }  
    appLog.info("App Client IP: "+ip+", fromSource: "+fromSource);  
    return ip;  
}  
0 z4 o7 {9 K, G
6 B' a! @5 i& j/ m( d这样就不会一直获取的是服务器的Ip了。
. i2 q! W1 P$ U& D" \/ D+ q, |5 r

" g; `  J4 [" \

admin

举个例子，Nginx 中的代理配置假如是这样配置的：

$ k" Z6 \( [( a) [* A% S    location / {
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
( W# \; `6 [& i% X2 o# S        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
, L& Q1 h8 X. W) L/ @% Y( z        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
) T3 E4 g5 E9 a2 ]        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://127.0.0.1:8080$request_uri;
7 T3 ~4 M/ L2 t1 F        proxy_redirect off;
    }
代理的配置中添加了一个自定义 header X-Real-IP，所以你可以在目标服务器中通过 X-Real-IP 这个 header 取到用户的真实 IP。
8 L8 B1 [% ^4 V! _% w
或者也可以通过取 X-Forwarded-For，这个 header 比较常见，一般的负载均衡器也会添加这个 header 以传递用户的真实 IP。