request nginx 透传获取真实的ip

admin

nginx.conf配置:
/ r0 R) D+ `' \5 f5 m: f; j
location / {   
     proxy_pass http://127.0.0.1:8081/myweb/;  
     proxy_redirect    off;  
     proxy_set_header  Host             $host;  
+ C$ r4 I  A  W* e$ t     proxy_set_header  X-Real-IP        $remote_addr;  
$ z9 R3 L+ }& N0 M5 \     proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;  
7 ^; D( H9 _# t( s}  
, H" z  I1 n- S! o) x' k; U7 O& U7 {
% l& z5 K! ?, N后端获取方式:
: g: U5 O* v7 p( V6 L8 ?, k# v
/***
* 获取客户端IP地址;这里通过了Nginx获取;X-Real-IP,
* @param request
! d8 j( w/ i1 B, h* K * @return
( {/ }3 U) `- c1 ?' T; x */  
1 o3 |% x; K* P/ x6 [public static String getClientIP(HttpServletRequest request) {  
% ]7 W6 l$ ~5 R' I2 t    String fromSource = "X-Real-IP";  
+ O9 P% ]6 r: Z( _+ L    String ip = request.getHeader("X-Real-IP");  
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
5 f/ t; |) z% h9 W4 ?' ]        ip = request.getHeader("X-Forwarded-For");  
- Z, I  k( q/ a9 U1 ]4 D        fromSource = "X-Forwarded-For";  
    }  
- v! j# }$ E8 @- O! ?    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
. e: i2 p! Q+ R+ |5 m: K) @        ip = request.getHeader("Proxy-Client-IP");  
8 P! _' J) g* D' o. I: S/ D        fromSource = "Proxy-Client-IP";  
    }  
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
* x* Y1 I5 v$ x3 d9 ~        ip = request.getHeader("WL-Proxy-Client-IP");  
        fromSource = "WL-Proxy-Client-IP";  
+ N" t6 e- O9 f- W    }  
; d* `" n7 {: k7 x: j2 _1 H, G+ \, I/ Q    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
" q( ]$ K" @6 l' u6 w$ A        ip = request.getRemoteAddr();  
        fromSource = "request.getRemoteAddr";  
$ E5 X! A4 @( A( E    }  
; `8 s' R7 p5 t    appLog.info("App Client IP: "+ip+", fromSource: "+fromSource);  
    return ip;  
}  

$ L. w2 t2 w( ~这样就不会一直获取的是服务器的Ip了。

admin

举个例子，Nginx 中的代理配置假如是这样配置的：

/ w: q3 n/ C, t    location / {
        proxy_http_version 1.1;
# E" e6 h# F, z( G1 C6 i        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
4 X: J( t( T4 G        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
8 T' l. U5 K2 x. G' F; P        proxy_set_header Upgrade $http_upgrade;
" J! \! U0 r) H* M6 [        proxy_set_header Connection "upgrade";
        proxy_pass http://127.0.0.1:8080$request_uri;
        proxy_redirect off;
2 T9 e9 N& y- i6 _    }
代理的配置中添加了一个自定义 header X-Real-IP，所以你可以在目标服务器中通过 X-Real-IP 这个 header 取到用户的真实 IP。
( s! i8 V) Z  M* ^7 u) l
3 K( F9 g  E9 l) E4 n8 q4 s. ?或者也可以通过取 X-Forwarded-For，这个 header 比较常见，一般的负载均衡器也会添加这个 header 以传递用户的真实 IP。