如何使用Nginx作为反向代理在Spring Boot应用程序上的嵌入式Tomcat访问日志中记录真实的客户端IP? [英] How to log the real client IP on embedded Tomcat access log on Spring Boot application with Nginx as reverse proxy?
问题描述
我在启用了Tomcat访问日志的Spring Boot 1.3.3应用程序的前面安装了Nginx,但是日志记录总是写代理IP地址(127.0.0.1),而不是实际的客户端IP.
I have Nginx in front of a Spring Boot 1.3.3 application with Tomcat access log enabled, but the logging always write the proxy IP address (127.0.0.1) instead of the real client IP.
- X-Real-IP标头用于获取真实的客户端IP吗?
- tomcat是否使用此标头将IP地址写入访问日志?
我有此配置:
application.properties
application.properties
server.use-forward-headers=true
server.tomcat.internal-proxies=127\\.0\\.0\\.1
server.tomcat.accesslog.enabled=true
Nginx配置:
location / {
proxy_pass http://127.0.0.1:8091;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
推荐答案
真正的客户端IP在 $ proxy_add_x_forwarded_for
变量(即 X-Forwarded-For
标头)中可用.它将有,"分隔的条目.第一个值是真实的客户端IP.
The real client IP is available in $proxy_add_x_forwarded_for
variable i.e. X-Forwarded-For
header. It will have "," separated entries. The very first value is the real client IP.
要将真实的客户端IP记录在Tomcat的访问日志中,请将AccessLog Valve中的模式值修改为:
To log the real client IP in Tomcat's access logs, modify the pattern value in the AccessLog Valve as:
%{X-Forwarded-For}i %l %u %t "%r" %s %b
这篇关于如何使用Nginx作为反向代理在Spring Boot应用程序上的嵌入式Tomcat访问日志中记录真实的客户端IP?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!