nginx代理後獲取客戶端真實IP
參考以下文章:https://my.oschina.net/yysue/blog/2221374。
nginx做反向代理時,默認的配置後端獲取到的ip都是來自於nginx,如何轉發用戶的真實ip到後端程序呢?如是是java後端,用request.getRemoteAddr();獲取到的是nginx的ip地址,而不是用戶的真實ip.
修改nginx配置,如下:
upstream www.xxx.com {
ip_hash;
server serving-server1.com:80;
server serving-server2.com:80;
}
server {
listen www.xxx.com:80;
server_name www.xxx.com;
location / {
proxy_pass http://www.xxx.cn;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
在原來配置的基礎上加入後面的三條指令,就可以用request.getHeader("X-Forwarded-For");獲取到訪客的ip了.
附:Java獲取客戶端ip的實現
private static final String[] IP_HEADER_CANDIDATES = {
"X-Forwarded-For",
"Proxy-Client-IP",
"WL-Proxy-Client-IP",
"HTTP_X_FORWARDED_FOR",
"HTTP_X_FORWARDED",
"HTTP_X_CLUSTER_CLIENT_IP",
"HTTP_CLIENT_IP",
"HTTP_FORWARDED_FOR",
"HTTP_FORWARDED",
"HTTP_VIA",
"REMOTE_ADDR" };
public static String getClientIpAddress(HttpServletRequest request) {
for (String header : IP_HEADER_CANDIDATES) {
String ip = request.getHeader(header);
if (ip != null && ip.length() != 0 && !"unknown".equalsIgnoreCase(ip)) {
int index = ip.indexOf(",");
if (index != -1) {
return ip.substring(0, index);
}
return ip;
}
}
return request.getRemoteAddr();
}
我的理解是:nginx要將真實客戶端帶下去,否則服務端拿不到。