Problem Background
In the practical application, we may need to obtain the user's IP address, for example makes the remote landing the judgment, or the statistics IP accesses the frequency and so on, usually we use the request. Remoteaddr can get to the client IP, but when we use the Nginx as a reverse proxy, use request. Remoteaddr gets the IP address of the Nginx server, then what should be done.
principle Explanation
After the reverse proxy, because the client and the Web server between the increase in the middle tier, so the Web server can not directly get the client IP, through the $REMOTE_ADDR variable will be the reverse proxy server IP address.
When you use the Nginx reverse server, use request on the Web side. Remoteaddr (in essence, get $remote_addr), get the Nginx address, that is, the $REMOTE_ADDR variable is encapsulated in the Nginx address, of course, can not get the user's real IP, but, Nginx is able to obtain the user's real IP, that is, nginx use $REMOTE_ADDR variables to obtain the user's real IP, if we want to get the user's real IP on the web, we have to do an assignment here Nginx, as follows:
Proxy_set_header x-real_ip $remote _addr;
The X-REAL_IP is a custom variable name, the name can be arbitrarily taken, so that after the user's real IP is placed in the X-REAL_IP variable, and then, on the web side can be obtained:
Request. Header.get ("X-real_ip")
Here we will explain the relevant variables in Nginx, and usually we will see some configuration
server {
listen ;
server_name localhost;
#charset Koi8-r;
#access_log logs/host.access.log main;
Location/{
root html;
Index index.html index.htm;
Proxy_pass http://backend;
Proxy_redirect off ;
Proxy_set_header Host $host;
Proxy_set_header x-real-ip $remote _addr;
Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;
# proxy_set_header x-forwarded-for $http _x_forwarded_for
}
}
1. Proxy_set_header x-real_ip $remote _addr;
This sentence has been explained before, with this sentence can be on the Web server to obtain the user's real IP
But, in fact, to get the user's real IP, not only this method, we continue to see below.
2. Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;
Let's take a look at the x-forwarded-for variable, a non-RFC standard developed by squid, to identify a client address that is connected to a Web server via an HTTP proxy or load Balancer original IP, if there is a x-forwarded-for setting , each pass proxy forwarding will have records, format is CLIENT1, Proxy1, Proxy2, separated by commas each address, because he is a non-RFC standard, so the default is not, need to force add, by default, by proxy forwarding request, At the back end it appears that the remote address is the IP of the proxy end. In other words, we use request by default. Header.get ("X-forwarded-for") can not get the user's IP, if we want to get the user's IP through this variable, we need to add the following configuration in Nginx:
Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;
It means to add a $proxy_add_x_forwarded_for to the x-forwarded-for, note that it is added, not overwritten, of course because the default X-forwarded-for value is empty, So we always feel that the value of x-forwarded-for is equal to $proxy_add_x_forwarded_for value, actually when you build two nginx on different IP, and all use this configuration, Then you will find that the request is passed on the Web server side. Header.get ("X-forwarded-for") will get the client IP and the first nginx IP.
Then what is $proxy_add_x_forwarded_for.
The $proxy _add_x_forwarded_for variable contains the "X-forwarded-for" in the client request header, separated from the $remote_addr in two parts.
For example, there is a Web application that passed two Nginx forwards before it, where the user accesses the web through two nginx.
In the first nginx, use
Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;
Now the "x-forwarded-for" portion of the $proxy_add_x_forwarded_for variable is empty, so only the $remote_addr, and the $REMOTE_ADDR value is the user's IP, and then after the assignment, The value of the x-forwarded-for variable is the real IP address of the user.
To the second nginx, use
Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;
Now the $proxy_add_x_forwarded_for variable, x-forwarded-for part contains the user's real IP, $remote the _addr part of the value is the previous Nginx IP address, Then the value of x-forwarded-for after this assignment becomes the "User's real IP, the first nginx IP".
Finally we see that there is also a $http_x_forwarded_for variable, this variable is x-forwarded-for, because before we said that the default of this x-forwarded-for is empty, so when we directly use the proxy_set_ Header x-forwarded-for $http _x_forwarded_for will find that the Web server side uses request. The value obtained by Header.get ("x-forwarded-for") is null. If you want to pass the request. Header.get ("x-forwarded-for") access to User IP, you must first use the Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for; So you can get the user's real IP.