nginx反向代理如何获取真实IP?
由于客户端和web服务器之间增加了中间层,因此web服务器无法直接拿到客户端的ip,通过$remote_addr变量拿到的将是反向代理服务器的ip地址。
1、安装–with-http_realip_module
要想在程序中取得真实的IP,需对nginx重新编译,新增–with-http_realip_module选项,操作如下:
cd /home/xxx/dev/nginx-1.10.2/ ./configure --with-http_realip_module make make install
#查看–with-http_realip_module是否安装成功
cd /usr/local/nginx/sbin
sudo ./nginx -V
注意:安装前nginx记得先关闭,安装完毕再重启。
2、相关配置
location / { proxy_pass http://lotmall; proxy_buffering on; set_real_ip_from 192.168.1.118; #指定接收来自哪个代理发送的IP head,可以是单个IP或者IP段 real_ip_header X-Real-IP; proxy_connect_timeout 30; proxy_read_timeout 30; proxy_send_timeout 30; }
3、nginx打印用户真实IP
http { log_format main \'$proxy_add_x_forwarded_for - $remote_user [$time_local] "$request" \' \'$status $body_bytes_sent "$http_referer" \' \'"$http_user_agent" "$http_x_forwarded_for"\'; access_log /usr/local/nginx/logs/access.log main; }
因为默认用的$remote_addr打印的是代理服务器的IP,我们不需要这个,所以我们使用代替了它的$http_x_forwarded_for 就可以打印出真实用户的IP了。
4、Java获取客户端真实IP方法
/** * 请求获取客户端的真实IP地址 * * @param request * @return * @author jqlin */ public static String getRealIpAddress(HttpServletRequest request) { String ipAddress = request.getHeader("x-forwarded-for"); if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) { ipAddress = request.getHeader("Proxy-Client-IP"); } if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) { ipAddress = request.getHeader("WL-Proxy-Client-IP"); } if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) { ipAddress = request.getRemoteAddr(); if (ipAddress.equals("127.0.0.1") || ipAddress.equals("0:0:0:0:0:0:0:1")) { // 根据网卡取本机配置的IP try { InetAddress inet = InetAddress.getLocalHost(); ipAddress = inet.getHostAddress(); } catch (UnknownHostException e) { log.error("根据网卡获取本机配置的IP异常", e); } } } // 对于通过多个代理的情况,第一个IP为客户端真实IP,多个IP按照\',\'分割 if (ipAddress != null && ipAddress.indexOf(",") > 0) { // "***.***.***.***".length() ipAddress = ipAddress.split(",")[0]; } return ipAddress; }