如何使用Nginx作为反向代理在Spring Boot应用程序上的嵌入式Tomcat访问日志中记录真实的客户端IP? [英] How to log the real client IP on embedded Tomcat access log on Spring Boot application with Nginx as reverse proxy?

问题描述

我在启用了Tomcat访问日志的Spring Boot 1.3.3应用程序的前面安装了Nginx，但是日志记录总是写代理IP地址(127.0.0.1)，而不是实际的客户端IP.

I have Nginx in front of a Spring Boot 1.3.3 application with Tomcat access log enabled, but the logging always write the proxy IP address (127.0.0.1) instead of the real client IP.

1. X-Real-IP标头用于获取真实的客户端IP吗?
2. tomcat是否使用此标头将IP地址写入访问日志?

我有此配置:

application.properties

application.properties

server.use-forward-headers=true
server.tomcat.internal-proxies=127\\.0\\.0\\.1
server.tomcat.accesslog.enabled=true

Nginx配置:

location / {
    proxy_pass http://127.0.0.1:8091;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-Port 443;
    proxy_set_header Host $host;
}

推荐答案

真正的客户端IP在 $ proxy_add_x_forwarded_for 变量(即 X-Forwarded-For 标头)中可用.它将有，"分隔的条目.第一个值是真实的客户端IP.

The real client IP is available in $proxy_add_x_forwarded_for variable i.e. X-Forwarded-For header. It will have "," separated entries. The very first value is the real client IP.

要将真实的客户端IP记录在Tomcat的访问日志中，请将AccessLog Valve中的模式值修改为:

To log the real client IP in Tomcat's access logs, modify the pattern value in the AccessLog Valve as:

%{X-Forwarded-For}i %l %u %t "%r" %s %b

这篇关于如何使用Nginx作为反向代理在Spring Boot应用程序上的嵌入式Tomcat访问日志中记录真实的客户端IP?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！