问题概述

通过Nginx反向代理后,HttpServletRequest.getRemoteAddr()方法无法获取到用户的真实IP,只能获取到本机IP127.0.0.1,这是因为传入Java后端的是Nginx本机的IP

解决办法

将用户的IP存储到Nginx的消息头,Java后端直接通过消息头获取用户真实的IP

解决过程

Nginx将真实IP存储到消息头

在Nginx配置文件的http{}中加入以下代码:

1
2
3
4
5
6
7
8
9
# 下面三行为重点,添加后就可以获取到客户端真实IP
set_real_ip_from 0.0.0.0/0;
real_ip_header  X-Forwarded-For;
real_ip_recursive on;
    
# 下面三行为常见反向代理传递真实客户端IP的配置,配置在http{}中,则全局应用在下面的所有server中
proxy_set_header Host      $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Java获取真实IP

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
package com.ledao.util;

import javax.servlet.http.HttpServletRequest;

/**
 * @author LeDao
 * @company
 * @create 2021-12-14 12:20
 */
public class IpUtil {

    public static String getIpAddr(HttpServletRequest request) {
        String fromSource = "X-Real-IP";
        String ip = request.getHeader(fromSource);
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("X-Forwarded-For");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getRemoteAddr();
        }
        return ip;
    }
}