文章目錄
- 前言
- 問題原因
- 解決方案
- 修改Nginx配置文件
- SpringBoot代碼實現
前言
項目部署后發現服務端無法獲取到客戶端真實的IP地址,這是怎么回事呢?給我都整懵逼了,經過短暫的思考,我發現了問題的真兇,那就是我們使用了Nginx作的請求轉發,這才導致了獲取不到客戶端真實的IP地址,害,看看我是怎么解決的吧!
問題原因
客戶端請求數據時走的是Nginx反向代理,默認情況下客戶端的真實IP地址會被其過濾,使得SpringBoot程序無法直接獲得真實的客戶端IP地址,獲取到的都是Nginx的IP地址。
解決方案
通過更改Nginx配置文件將客戶端真實的IP地址加到請求頭中,這樣就能正常獲取到客戶端的IP地址了,下面我一步步帶你看看如何配置和獲取。
修改Nginx配置文件
在需要做請求轉發的配置里添加下面的配置
#這個參數設置了HTTP請求頭的Host字段,host表示請求的Host頭,也就是請求的域名。通過這個設置,Nginx會將請求的Host頭信息傳遞給后端服務。
proxy_set_header Host $host;
#這個參數設置了HTTP請求頭的X?Real?IP字段,remote_addr表示客戶端的IP地址。通過這個設置,Nginx會將客戶端的真實IP地址傳遞給后端服務
proxy_set_header X-Real-IP $remote_addr;
#這個參數設置了HTTP請求頭的 X-Forwarded-For字段,"X-Forwarded-For"是一個標準的HTTP請求頭,用于表示HTTP請求經過的代理服務器鏈路信息,proxy_add_x_forwarded_for表示添加額外的服務器鏈路信息。
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
修改后我的nginx.conf中的server如下所示
nginx復制代碼
server {listen 443 ssl;server_name xxx.com;ssl_certificate "ssl證書pem文件";ssl_certificate_key "ssl證書key文件";ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;ssl_prefer_server_ciphers on;location / {root 前端html文件目錄;index index.html index.htm;}error_page 500 502 503 504 /50x.html;location = /50x.html {root html;}# 關鍵在下面這個配置,上面的配置自己根據情況而定就行location /hello{proxy_pass http://127.0.0.1:8090;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}
}
SpringBoot代碼實現
第一種方式:在代碼中直接通過X-Forwarded-For獲取到真實IP地址
@Slf4j
public class CommonUtil {/*** <p> 獲取當前請求客戶端的IP地址 </p>** @param request 請求信息* @return ip地址**/public static String getIp(HttpServletRequest request) {if (request == null) {return null;}String unknown = "unknown";// 使用X-Forwarded-For就能獲取到客戶端真實IP地址String ip = request.getHeader("X-Forwarded-For");log.info("X-Forwarded-For:" + ip);if (ip == null || ip.length() == 0 || unknown.equalsIgnoreCase(ip)) {ip = request.getHeader("Proxy-Client-IP");log.info("Proxy-Client-IP:" + ip);}if (ip == null || ip.length() == 0 || unknown.equalsIgnoreCase(ip)) {ip = request.getHeader("WL-Proxy-Client-IP");log.info("WL-Proxy-Client-IP:" + ip);}if (ip == null || ip.length() == 0 || unknown.equalsIgnoreCase(ip)) {ip = request.getHeader("HTTP_X_FORWARDED_FOR");log.info("HTTP_X_FORWARDED_FOR:" + ip);}if (ip == null || ip.length() == 0 || unknown.equalsIgnoreCase(ip)) {ip = request.getHeader("HTTP_X_FORWARDED");log.info("HTTP_X_FORWARDED:" + ip);}if (ip == null || ip.length() == 0 || unknown.equalsIgnoreCase(ip)) {ip = request.getHeader("HTTP_X_CLUSTER_CLIENT_IP");log.info("HTTP_X_CLUSTER_CLIENT_IP:" + ip);}if (ip == null || ip.length() == 0 || unknown.equalsIgnoreCase(ip)) {ip = request.getHeader("HTTP_CLIENT_IP");log.info("HTTP_CLIENT_IP:" + ip);}if (ip == null || ip.length() == 0 || unknown.equalsIgnoreCase(ip)) {ip = request.getHeader("HTTP_FORWARDED_FOR");log.info("HTTP_FORWARDED_FOR:" + ip);}if (ip == null || ip.length() == 0 || unknown.equalsIgnoreCase(ip)) {ip = request.getHeader("HTTP_FORWARDED");log.info("HTTP_FORWARDED:" + ip);}if (ip == null || ip.length() == 0 || unknown.equalsIgnoreCase(ip)) {ip = request.getHeader("HTTP_VIA");log.info("HTTP_VIA:" + ip);}if (ip == null || ip.length() == 0 || unknown.equalsIgnoreCase(ip)) {ip = request.getHeader("REMOTE_ADDR");log.info("REMOTE_ADDR:" + ip);}if (ip == null || ip.length() == 0 || unknown.equalsIgnoreCase(ip)) {ip = request.getRemoteAddr();log.info("getRemoteAddr:" + ip);}return ip;}
第二種方式:在application.yml文件中加以下配置,直接通過request.getRemoteAddr()并可以獲取到真實IP
server:port: 8090tomcat:#Nginx轉發 獲取客戶端真實IP配置remoteip:remote-ip-header: X-Real-IPprotocol-header: X-Forwarded-Proto
tree-select 下拉多選(設置 maxTagPlaceholder 隱藏 tag 時顯示的內容,支持鼠標懸浮展示更多)
)
簡單示例)
)
)