background
In the actual development process, we often use Nginx as a reverse proxy, sometimes even use multi-level Nginx as a reverse proxy, if we use multi-level Nginx how to obtain the real IP? I’m going to do it in two positions
The environment
- Two servers: Nginx and Web services are installed
- One service: SpringBoot launches the Web service
- PC (nginx) – > 14.23 – > 14.22 (nginx) – > 14.22 (web services)
Pose a
14.23 nginx configuration file
Http_forwarded_for $REMOTE_ADDR; Http_forwarded_FOR $REMOTE_ADDR; Layer 1 nginx gets the IP address of the client
server { listen 7050; The location / {proxy_pass http://xx.xx.14.22:8081/TestServer; proxy_set_header X-Real-PORT $remote_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; }Copy the code14.22 nginx configuration file
Http_forwarded_for $FORWARded_FORWARded_for; http_forwarded_forwarded_for;
Layer 2 nginx, on the real IP + the address of the server where the upper layer nginx resides.
This time, x-Forwarded-For is set to “True IP address, the IP address of tier 1 Nginx.”
server { listen 8081; listen [::]:8081 ipv6only=on; location / { proxy_set_header Host $host; Proxy_http_version 1.1; proxy_set_header Connection ""; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; Proxy_pass http://xx.xx.14.22:8080; }}Copy the codeTestServer
@Autowired HttpServletRequest request; @getMapping ("/test") Public String test(){// Obtain multiple IP addresses separated by commas. String ips = Request.getheader ("X-Forwarded-For"); Ips.split (",")[0]; ips.split(",")[0]; return ip; }Copy the codeThe principle of analysis
Proxy_set_header x-real-ip $remote_addr; proxy_set_header x-real-ip $remote_addr; This configuration will put the client IP in the HTTP header, so that the final application can get the real CLIENT IP through Request. getHeader
The advantages and disadvantages of pose one
- Advantages: Multiple Nginx IP addresses can be obtained
- Disadvantages: The first IP address must be a real ONE
Position 2
14.23 nginx configuration file
Proxy_set_header x-customnreal-ip $remote_ADDR; Layer 1 nginx takes the client IP and customizes x-Customnreal-IP
server { listen 7050; The location / {proxy_pass http://xx.xx.14.22:8081/TestServer; proxy_set_header X-CustomnReal-IP $remote_addr; }Copy the code14.22 nginx configuration file
server { listen 8081; listen [::]:8081 ipv6only=on; location / { proxy_set_header Host $host; Proxy_http_version 1.1; proxy_set_header Connection ""; Proxy_pass http://xx.xx.14.22:8080; }}Copy the codeTestServer
@getMapping ("/test2") public String test2(){// Real IP String IP = request.getheader (" x-Customnreal-ip "); @getMapping ("/test2") public String test2(){// Real IP String IP = request. return ip; }Copy the codeThe advantages and disadvantages of pose one
- Advantages: Obtain the real IP address directly
- Disadvantages: Cannot obtain multi-level IP addresses
conclusion
Have you learned?