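Running behind an nginx proxy

Time: 2017-03-08 02:07:55

Tags: java tomcat nginx proxy

Using nginx/1.10.2 as a proxy with tomcat7, I am trying to get the actual remote IP address in a Java webapp via request.getRemoteAddr(), but I always get 127.0.0.1. Here is what I did:

CentOS proxy pass: setsebool -P httpd_can_network_connect true
& no configuration on tomcat7 apart from the http/ajp port change.

Nginx configuration: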

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  off;

    client_body_in_file_only clean;
    client_body_buffer_size 32K;

    client_max_body_size 50M;

    sendfile            on;
    send_timeout        300s;

    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /var/www/html;
        index index.php index.html index.htm;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            try_files $uri $uri/ =404;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
}



Nginx proxy configuration:

upstream my_tomcat {
        server 127.0.0.1:81;
}
server {
        listen  80;
        server_name     sub.domain.com;
        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://my_tomcat;
                proxy_redirect off;

                proxy_connect_timeout       300;
                proxy_send_timeout          300;
                proxy_read_timeout          300;
                send_timeout                300;
        }
}
server {
        listen  80;
        server_name     www.sub.domain.com;
        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://my_tomcat;
                proxy_redirect off;

                proxy_connect_timeout       300;
                proxy_send_timeout          300;
                proxy_read_timeout          300;
                send_timeout                300;
        }
}

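4 answers:

Answer 0 (score: 1)

Unless a lot has changed since I last looked, using request.getRemoteAddr() will always return the address of the proxy host. You have to examine the headers added by the proxy server to extract the actual host identity. What you get (a hostname or an IP address) will depend on what the nginx proxy does.

Answer 1 (score: 1)

You should use the HTTP header X-Real-IP to get the real remote IP.

The 'how' is written below: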

request.getHeader("X-Real-IP")

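The 'why' is that the proxy adds the real client IP in the HTTP header X-Real-IP as part of the proxying process.

Answer 2 (score: 1)

Tomcat 7/8/9 has a Valve for this purpose, the Remote IP Valve.

By default, it checks the request header "X-Forwarded-For", which is the standard header that proxies add. Then, when request.getRemoteAddr() is called, it returns the actual remote address.

For example, put the following in server.xml at the <Engine> level: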

  <!-- Replaces the apparent client remote IP address and hostname for
       the request with the IP address list presented by a proxy or a
       load balancer -->
  <Valve className="org.apache.catalina.valves.RemoteIpValve"
         requestAttributesEnabled="true"
         internalProxies="127\.0\.0\.1" />

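Note: if you want the actual remote address to be used in the access log, you also need to configure the AccessLogValve: add requestAttributesEnabled="true" to it.

Answer 3 (score: 0)

Remote IP address from Nginx: set the IP as a header: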

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

After that, you can use it in the application:

req.getHeader("X-Forwarded-For")

May also be useful: blacklist IPs in NGINX, check blacklisted IP
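
The answers above read X-Forwarded-For either directly or through the Remote IP Valve. With the proxy configuration in the question, `$proxy_add_x_forwarded_for` appends `$remote_addr` to whatever X-Forwarded-For value the client itself sent, so the header can hold several entries and only the one nginx appended is trustworthy. The sketch below is an added example, not code from the original page or from Tomcat: it resolves the address by walking the list from the right and skipping trusted proxies. The class name, method names and sample addresses are constructed for illustration, and the trusted-proxy pattern is assumed to match the `internalProxies` value shown in answer 2.

```java
import java.util.regex.Pattern;

public class ForwardedForResolver {
    // Assumption: the local nginx is the only trusted proxy, mirroring
    // internalProxies="127\.0\.0\.1" from the Valve configuration above.
    private static final Pattern TRUSTED = Pattern.compile("127\\.0\\.0\\.1");

    /**
     * @param peerAddr value of request.getRemoteAddr() (the TCP peer)
     * @param xff      raw X-Forwarded-For header value, may be null
     */
    static String resolveClientIp(String peerAddr, String xff) {
        // The header only means something when the direct peer is our proxy;
        // anyone connecting straight to Tomcat can put anything in it.
        if (xff == null || !TRUSTED.matcher(peerAddr).matches()) {
            return peerAddr;
        }
        String[] hops = xff.split(",");
        // Walk right to left: the rightmost entries were appended by the
        // proxies closest to us; the first untrusted entry is the client.
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !TRUSTED.matcher(hop).matches()) {
                return hop;
            }
        }
        return peerAddr; // every hop was a trusted proxy
    }

    // What taking the first header entry amounts to; shown for contrast.
    static String naiveFirstEntry(String xff) {
        return xff.split(",")[0].trim();
    }

    public static void main(String[] args) {
        // Constructed sample: a client at 203.0.113.7 sends its own
        // "X-Forwarded-For: 10.0.0.1" and nginx appends $remote_addr.
        String xff = "10.0.0.1, 203.0.113.7";
        System.out.println(naiveFirstEntry(xff));                 // client-controlled entry
        System.out.println(resolveClientIp("127.0.0.1", xff));    // address nginx observed
        System.out.println(resolveClientIp("198.51.100.9", xff)); // untrusted peer: header ignored
    }
}
```

The X-Real-IP header set in the question's configuration is overwritten by nginx with `$remote_addr` on every request, so it does not accumulate client-supplied values; it is still only reliable when Tomcat's port is reachable from the proxy alone.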