As the front-end uses Nginx as the proxy server, the proxy backend Web server and the Tomcat server, the client IP that discovers the back-end server's access log records is the nginx reverse machine IP, so, the following method can let the back-end server get to the real client IP.
First, add the server{} to the front-end Nginx server:
Proxy_set_header Host $host;
Proxy_set_header X-real-ip $remote _addr;
Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;
The above adds 3 HTTP headers, where X-real-ip is the true IP
Then the back-end server needs to add a module,--with-http_realip_module, if it is tengine, it does not need to recompile, he has brought his own.
Nginx Online Smooth Add new module, (here is back-end Web server)
See the compiled modules first/usr/local/webserver/nginx/sbin/nginx-v
1. CD nginx1.2.6
2./configure--with-luajit--with-http_flv_module--with-http_ssl_module--with-http_stub_status_module-- With-http_realip_module
3. Make do not install will overwrite the previous configuration file
4, Cp/usr/local/webserver/nginx/sbin/nginx/usr/local/webserver/nginx/sbin/nginx.bak
5,CP./objs/nginx/usr/local/webserver/nginx/sbin/
(if "Nginx is busy prompt" first stop nginx run/usr/local/webserver/nginx/sbin/nginx-s stop)
6. Restart /usr/local/webserver/nginx/sbin/nginx
7. CD /usr/local/webserver/nginx/conf
Vim nginx.conf
in the server, add and open the default log format.
HTTP {
Include Mime.types;
Default_type Application/octet-stream;
Log_format Main ' $remote _addr-$remote _user [$time _local] "$request" '
' $status $body _bytes_sent ' $http _referer '
' "$http _user_agent" "$http _x_forwarded_for";
Access_log/home/nginx/logs/nginx_access.log main;
Include Deny.ip;
server {
Listen 80;
server_name localhost www.ifeng.com;
More_set_headers ' Server:VodServer.KSD ';
Underscores_in_headers on;
Proxy_set_header Host $host;
Proxy_set_header X-real-ip $remote _addr;
Set_real_ip_from IP Address of the reverse generation;
Real_ip_header X-real-ip;
Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;
}
8, monitoring/home/nginx/logs/nginx_access.log, whether effective, if there is no anti-generation IP indicates that has been acquired to the real IP
This article is from the "Crazy_sir" blog, make sure to keep this source http://douya.blog.51cto.com/6173221/1579159
Nginx does the front end, the backend Web server cannot get the IP of the real client, the workaround