nginx在前端把真實IP傳給後端伺服器的配置
nginx端配置主配置檔案
-
server {
-
listen 80;
-
server_name localhost;
-
location /{
-
rewrite ^/web(.*)$ /$1 last;
-
proxy_pass http://localhost:8080/web/;
-
proxy_cookie_path /web /;
-
#以下三個proxy_set_header配置項是重點
-
proxy_set_header Host $host;
-
proxy_set_header X-Real-IP $remote_addr;
-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
}
-
error_page 500 502 503 504 /50x.html;
-
location = /50x.html {
-
root /usr/share/nginx/html;
-
}
-
}
1. Host
包含客戶端真實的域名和埠號;
2. X-Forwarded-Proto
表示客戶端真實的協議(http還是https);
3. X-Real-IP
表示客戶端真實的IP;
4. X-Forwarded-For
這個Header和X-Real-IP
tomcat日誌配置檔案$CATALINA_HOME/conf/server.xml
在host中,修改以下內容,在Host元素內最後加入
-
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
-
prefix="localhost_access_log." suffix=".txt"
-
pattern="%{X-Real-IP}i %l %u %t %D "%r" %s %b" />
其中X-Real-IP與NGINX中配置的要對應,此變數即是客戶的真實IP
新增以下valve
-
<Valve className="org.apache.catalina.valves.RemoteIpValve"
-
internalProxies="127\.0\.0\.1"
-
remoteIpHeader="x-forwarded-for"
-
remoteIpProxiesHeader="x-forwarded-by"
-
trustedProxies="127\.0\.0\.1"/>