Get real IP in Nginx

Original: http://blog.csdn.net/a936676463/article/details/8961504

server {

Listen 80;

server_name localhost;

Location/{

root HTML;

Index index.html index.htm;

Proxy_pass Http://backend;

Proxy_redirect off;

Proxy_set_header Host $host;

Proxy_set_header X-real-ip $remote _addr;

Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;

# Proxy_set_header x-forwarded-for $http _x_forwarded_for;

}

Scenario 1

Nginx here is an assignment operation, as follows:

Proxy_set_header X-real-ip $remote _addr;

Where this x-real-ip is a custom variable name, the name can be arbitrarily taken, so that after the user's real IP is placed in the variable X-real-ip, and then, on the web side can be obtained:

Request.getattribute ("X-real-ip")

Scenario 2

Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;

Let's see, here's a x-forwarded-for variable, which is a squid developed to identify non-RFC standards that connect to a Web server's client address through an HTTP proxy or a load Balancer original IP, if there is a x-forwarded-for setting. , every time through proxy forwarding will have records, the format is CLIENT1, Proxy1, Proxy2, separated by commas each address, because he is non-RFC standard, so the default is not, you need to force the addition, by default, by proxy forwarding request, At the back end it appears that the remote address is the IP of the proxy side. That is to say, by default we use Request.getattribute ("X-forwarded-for") to obtain the user's IP, if we want to get the user's IP through this variable, we need to add the following configuration in Nginx:

Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;

To add a $proxy_add_x_forwarded_for to x-forwarded-for, note that it is increased, not overwritten, of course, because the default X-forwarded-for value is empty, So we always feel that the value of x-forwarded-for is equal to the value of $proxy_add_x_forwarded_for, in fact, when you build two nginx on different IP, and all use this configuration, Then you will find that the client IP and the first Nginx IP will be obtained through Request.getattribute ("X-forwarded-for") on the Web server side.

So what is $proxy_add_x_forwarded_for?

$proxy The _add_x_forwarded_for variable contains the "X-forwarded-for" in the client request header, separated from the $remote_addr two parts with commas.

For example, there is a Web application that passed two Nginx forwards before it, that is, the user accesses the web through two nginx.

In the first nginx, use the

Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;

Now the "X-forwarded-for" part of the $proxy_add_x_forwarded_for variable is empty, so only $remote_addr, and the value of $REMOTE_ADDR is the user's IP, so after assignment, The value of the x-forwarded-for variable is the real IP address of the user.

To the second nginx, use

Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;

Now the $proxy_add_x_forwarded_for variable, the x-forwarded-for part contains the user's real IP, $remote _addr part of the value is the last Nginx IP address, So through this assignment, the value of the x-forwarded-for now becomes the "user's real IP, the first nginx IP", so it is clear.

Finally we see that there is also a $http_x_forwarded_for variable, this variable is x-forwarded-for, as we said before, the default of this x-forwarded-for is empty, so when we directly use proxy_set_ Header x-forwarded-for $http _x_forwarded_for that the value obtained by using Request.getattribute ("X-forwarded-for") on the Web server side is null. If you want to obtain a user IP through Request.getattribute ("X-forwarded-for"), you must first use Proxy_set_header x-forwarded-for $proxy _add_x_forward Ed_for, so that you can get the user's real IP.

Get real IP (GO) in Nginx