Nginx核心要領八：獲取客戶端真實ip一realip模塊

畫了個請求從發起–經過–到服務器接收的流程

開發的應用怎麼拿到客戶端的真實IP呢？java方法獲取客戶端真實IP

 /** 
     * 獲取用戶真實IP地址，不使用request.getRemoteAddr()的原因是有可能用戶使用了代理軟件方式避免真實IP地址, 
     * 可是，如果通過了多級反向代理的話，X-Forwarded-For的值並不止一個，而是一串IP值 
     *  
     * @return ip
     */
    private String getIpAddr(HttpServletRequest request) {
        String ip = request.getHeader("x-forwarded-for"); 
        System.out.println("x-forwarded-for ip: " + ip);
        if (ip != null && ip.length() != 0 && !"unknown".equalsIgnoreCase(ip)) {  
            // 多次反向代理後會有多個ip值，第一個ip纔是真實ip
            if( ip.indexOf(",")!=-1 ){
                ip = ip.split(",")[0];
            }
        }  
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
            ip = request.getHeader("Proxy-Client-IP");  
            System.out.println("Proxy-Client-IP ip: " + ip);
        }  
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
            ip = request.getHeader("WL-Proxy-Client-IP");  
            System.out.println("WL-Proxy-Client-IP ip: " + ip);
        }  
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
            ip = request.getHeader("HTTP_CLIENT_IP");  
            System.out.println("HTTP_CLIENT_IP ip: " + ip);
        }  
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
            ip = request.getHeader("HTTP_X_FORWARDED_FOR");  
            System.out.println("HTTP_X_FORWARDED_FOR ip: " + ip);
        }  
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
            ip = request.getHeader("X-Real-IP");  
            System.out.println("X-Real-IP ip: " + ip);
        }  
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {  
            ip = request.getRemoteAddr();  
            System.out.println("getRemoteAddr ip: " + ip);
        } 
        System.out.println("獲取客戶端ip: " + ip);
        return ip;  
    }

可以看出獲取Ip是從http的header中獲取的，通過：X-Forwarded-For、X-Real-IP這兩個header參數

nginx通過 realip模塊取到真實IP後，需要設置到上游服務中去，這時我們的應用就能通過 X-Forwarded-For、X-Real-IP這兩個header拿到客戶端IP了

realip默認是不編譯進nginx的，需要在configure時，通過 --without-http-realip-module 來啓用這個功能

編譯後nginx配置如下：

location / {
  proxy_set_header Host $host;
  #把取到的IP設置到header的上游服務中
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}