通过Nginx反向代理后,HttpServletRequest.getRemoteAddr()方法无法获取到用户的真实IP,只能获取到本机IP127.0.0.1,这是因为传入Java后端的是Nginx本机的IP
解决办法将用户的IP存储到Nginx的消息头,Java后端直接通过消息头获取用户真实的IP
解决过程 Nginx将真实IP存储到消息头在Nginx配置文件的http{}中加入以下代码:
# 下面三行为重点,添加后就可以获取到客户端真实IP
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
# 下面三行为常见反向代理传递真实客户端IP的配置,配置在http{}中,则全局应用在下面的所有server中
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Java获取真实IP
package com.ledao.util;
import javax.servlet.http.HttpServletRequest;
public class IpUtil {
public static String getIpAddr(HttpServletRequest request) {
String fromSource = "X-Real-IP";
String ip = request.getHeader(fromSource);
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("X-Forwarded-For");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
return ip;
}
}
