After using CDN, how does PHP get the user's real IP?

IP is an important parameter when it comes to statistical access log parameters, and all IP requests from the client are critical.
In the Log_format configuration, there are two variables that obtain the IP address:
REMOTE_ADDR: Client IP
X_forwarded_for: IP for Client

From the above two are all client IP, then what is the difference between these two variables?

First when you visit a website, if you do not go through any agent, then webserver will be remote_addr as your client's IP, but you use the agent or the service side has agents webserver obtained REMOTE_ADDR is not accurate, At this point, we need another variable x_forwarded_for, he added the client's IP to the HTTP header, so that can get to the client's real IP.

Let's look at the configuration information below:

 log_format main ‘$http_x_forwarded_for - $remote_user [$time_local] ‘                       ‘"$request" $status $body_bytes_sent ‘                       

Let's introduce the meaning of each variable:

 $remote_addr, $http_x_forwarded_for 记录客户端IP地址      $time_local 通用日志格式下的本地时间。      $request 记录请求的URL和HTTP协议      $status 记录请求状态       $bytes_sent 发送给客户端的总字节数。     $http_referer 记录从哪个页面链接访问过来的      $http_user_agent 记录客户端浏览器相关信息     $upstream_addr 后台upstream的地址，即真正提供服务的主机地址 $request_time 整个请求的总时间

Below we are looking at the specific log:

  115.45.71.215--[21/dec/2015:00:01:34 +0800] "get/bbs/sidebar/sidebar.php?t=1450627317853&callback=cal48995 http/1.1 "313" http://www.xxxx.com.cn/bbs/viewthread.php?tid=25687628&page=2 "" mozilla/5.0 (Windows NT 5.1) applewebkit/537.36 (khtml, like Gecko) chrome/31.0.1650.63 safari/537.36 "" 127.0.0.1:9000 "" 0.002 "221.222.123.63--[21 /dec/2015:00:01:34 +0800] "get/bbs/sidebar/sidebar.php?action=pserid&fid=91&callback=cal38263 HTTP/1.1" 332 "Http://www.xxxx.com.cn/bbs/viewthread.php?tid=25655586&page=5" "mozilla/5.0 (IPad; CPU os 8_4 like Mac os X applewebkit/600.1.4 (khtml, like Gecko) version/6.0 mqqbrowser/4.9.3 mobile/12h143 safari/7534.4 8.3 "" 127.0.0.1:9000 "" 0.004 " 

We can see a lot of information through the two logs above.

But after you use a CDN, is that what it looks like?

In the last week, my development partners to find me that he did not see the user's true IP, the user all the IP has become a,, heard the news I was stunned, to see a bit to determine is x_forwarded_for problem

The reason is that we used the blue message CDN .... Here are some reasons why

After using CDN acceleration, the user will first access the CDN, if the CDN does not, then back to the source station (that is, your reverse proxy) to fetch data (our agent is the Nginx-made backend and a netscaler). When the CDN returns to the source station, it will add the X_forwarded_for header information, save the user's real IP, and the reverse proxy will set this value, but it will not overwrite, but add the IP of the CDN server (that is, the current remote_addr) to the X_forwarded_ For the back, so that the x_forwarded_for will save two values. Nginx will use the first of these values, that is, the customer's real IP, and PHP will use the second, that is, the CDN address, that is, the development of small partners said that all users are the value of an IP.

How can I get PHP to use the first value?
Added in the Fastcgi_params configuration
Fastcgi_param http_x_forwarded_for $http _x_forwarded_for;
It will use the value of Nginx (that is, the first IP) to PHP, so PHP to get the x_forwarded_for in fact there is only one value, it will not use the second CDN IP.

 Fastcgi_param query_string $query _string; Fastcgi_param Request_method $request _method; Fastcgi_param Content_Type $content _type; Fastcgi_param content_length $content _length; Fastcgi_param script_name $fastcgi _script_name; Fastcgi_param Request_uri $request _uri; Fastcgi_param Document_uri $document _uri; Fastcgi_param document_root $document _root; Fastcgi_param server_protocol $server _protocol; Fastcgi_param Gateway_interface cgi/1.1; Fastcgi_param Server_software Nginx; Fastcgi_param remote_addr $remote _addr; Fastcgi_param Remote_port $remote _port; Fastcgi_param server_addr $server _addr; Fastcgi_param server_port $server _port; Fastcgi_param server_name $server _name; Fastcgi_param http_x_forwarded_for $http _x_forwarded_for; # PHP only, required if PHP is built with--enable-force-cgi-redirect Fastcgi_param Redirect_status 200; #fastcgi_param Hessian_domain "http://172.16.112.212 ";  #fastcgi_param Des_token "SDDSDREUIOWERFNDDNFADSKLJDKLJFALFDSJFDASL";  #fastcgi_param Cook_hashkey "SDHKDSSDDSJEWIOJJSSD";

OK, now the small partner of the yellow film can get the user's real IP.

?

After using CDN, how does PHP get the user's real IP?