Nginx: how does the application get the client's real IP behind the reverse proxy?

Source: Internet
Author: User
Tags nginx server nginx reverse proxy

Behind an Nginx reverse proxy, the IP a servlet application gets from request.getRemoteAddr() is the Nginx server's IP address, not the client's real IP. Likewise, the domain name, protocol, and port obtained from request.getRequestURL() are the ones Nginx used to reach the web application, not the real domain name, protocol, and port in the address bar of the client's browser.

An Nginx reverse proxy is really a bridge between the client and the real application server: the client (typically a browser) accesses the Nginx server, and Nginx accesses the web application server. From the web application's point of view, the client of the HTTP request is Nginx rather than the real client browser. Without special handling, the web application treats Nginx as the client of the request, and the client information it obtains is Nginx's information.

Solving this problem involves two things:
1. Since Nginx is a proxy server, all client requests are forwarded from Nginx to Tomcat. If Nginx does not tell Tomcat the client's real IP, domain name, protocol, and port, the Tomcat application will never know this information, so Nginx must be configured to pass it to the proxied Tomcat in HTTP headers;
2. On the Tomcat side, stop naively reading the information of the client that is directly connected to it (that is, Nginx), and instead take the client information from the HTTP headers passed along by Nginx.


Nginx

Add the following configuration to each proxied location:

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

The configuration above adds some request headers when Nginx proxies a request:
1. Host contains the real domain name and port number of the client;
2. X-Forwarded-Proto represents the client's real protocol (HTTP or HTTPS);
3. X-Real-IP represents the real IP of the client;
4. X-Forwarded-For is similar to X-Real-IP, but in a multi-tier proxy setup it contains the IP of the real client and of each proxy server in between.

This step alone does not completely solve the problem. Tomcat also needs to be configured.

If you search the web for "how to get the client's real IP in Java", most of the solutions read the HTTP request headers with request.getHeader("X-Forwarded-For") or request.getHeader("X-Real-IP"), which are the headers configured on Nginx above. This approach does give the correct result, but it is not elegant. Since the Servlet API provides the request.getRemoteAddr() method for obtaining the client IP, whether or not a reverse proxy is in use should be transparent to the person writing the code. Here is a more elegant way to do this.

With Tomcat as the application server, configure Tomcat's server.xml file by adding the following at the end of the Host element:

<Valve className="org.apache.catalina.valves.RemoteIpValve"/>
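
$proxy_add_x_forwarded_for appends the connecting address to whatever X-Forwarded-For value the request already carried, so only the entries written by your own proxies are reliable, which is why the header is resolved from right to left rather than by taking its first value. The following is an added example, not code from the original article or from Tomcat: a simplified Java sketch of that right-to-left walk, in the manner of RemoteIpValve. The class name, method name, sample addresses and the 10.0.0.0/8 trusted-proxy range are assumptions.

```java
import java.util.regex.Pattern;

// Added illustration, not Tomcat source: a simplified right-to-left
// resolution of X-Forwarded-For against a list of trusted proxies.
public class ForwardedForResolver {

    // Assumption: Nginx and any other proxies we operate live in 10.0.0.0/8.
    private static final Pattern TRUSTED_PROXIES =
            Pattern.compile("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");

    // peerAddr: address of the TCP peer (what getRemoteAddr() returns unmodified).
    // forwardedFor: raw X-Forwarded-For header value, may be null.
    static String resolveClient(String peerAddr, String forwardedFor) {
        // The header is only believable if the direct peer is one of our proxies.
        if (forwardedFor == null || !TRUSTED_PROXIES.matcher(peerAddr).matches()) {
            return peerAddr;
        }
        String client = peerAddr;
        String[] hops = forwardedFor.split(",");
        // Start at the entry appended by the nearest proxy and move toward the client.
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (hop.isEmpty()) continue;
            client = hop;
            // Stop at the first address that is not one of our own proxies:
            // everything to its left was supplied by that party and is unverified.
            if (!TRUSTED_PROXIES.matcher(hop).matches()) break;
        }
        return client;
    }

    public static void main(String[] args) {
        // Constructed sample inputs using documentation address ranges.
        // 1. Normal request through Nginx at 10.0.0.5.
        System.out.println(resolveClient("10.0.0.5", "203.0.113.7"));
        // 2. The request arrived at Nginx already carrying an X-Forwarded-For
        //    value (192.0.2.1); Nginx appended the address it actually saw.
        System.out.println(resolveClient("10.0.0.5", "192.0.2.1, 203.0.113.7"));
        // 3. Two-tier chain: edge proxy 10.0.0.9 in front of Nginx 10.0.0.5.
        System.out.println(resolveClient("10.0.0.5", "203.0.113.7, 10.0.0.9"));
        // 4. Request that reached Tomcat without passing through a trusted proxy.
        System.out.println(resolveClient("198.51.100.20", "10.0.0.1"));
    }
}
```

Case 2 is the one that separates this approach from reading the first X-Forwarded-For value by hand, and case 4 shows why the header is ignored unless the direct peer is a known proxy.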


