Shulou(Shulou.com)05/31 Report--

This article mainly introduces "Tomcat how to obtain the real client IP address after Nginx agent". In daily operation, I believe that many people have doubts about how Tomcat obtains the real client IP address after Nginx proxy. Xiaobian consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful for everyone to answer the question of "Tomcat how to obtain the real client IP address after Nginx agent". Next, please follow the editor to study!

In the traditional architecture, when small and medium-sized enterprises adopt the architecture of Nginx+Tomcat, the client request will be forwarded from Nginx to the back-end Tomcat. When there is a need to see the real IP address of the client in the Tomcat log, we need to use the proxy_set_header instruction of Nginx to assist, and we also need to modify the log format of Tomcat for localhost_access. Otherwise, the visitor IP recorded by tomcat is all Nginx, because all requests are forwarded by the Nginx front-end server.

Nginx configuration log format

Nginx needs to obtain the real IP address of the client before sending the real IP address of the client to the backend Tomcat, so you also need to configure the log format of Nginx. The most important configuration in the log format of Nginx proxy Tomcat is $remote_addr to obtain the real client IP address. The Nginx log format here is as follows:

Log_format main'$remote_addr "" $remote_user "" [$time_local] "" $request "'" $status "" $body_bytes_sent "" $http_referer "'" $http_user_agent "" $http_x_forwarded_for "" $gzip_ratio "'" $upstream_addr "" $request_time " "" $upstream_response_time "" $http_host "'

For more information on Nginx log formats, see https://k8sops.cn/nginx_log_module/

Nginx configuration forwarding IP header

The proxy_set_header instruction can be configured into three configuration segments: http, server, and location. Here, I configure it in the location field.

Location ^ ~ / crm-newm {proxy_pass http://172.26.3.55:8086; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Port $proxy_port; proxy_set_header X-Real-IP $remote_addr;}

Proxy_http_version instruction parsing: the proxy_http_version directive is used to set the HTTP protocol version of the agent. By default, version 1.0 is used. Version 1.1 is recommended for keepalive connections and NTLM authentication

Syntax: proxy_http_version 1.0 | 1.1 position default: proxy_http_version 1.0 position context: http, server, location

The proxy_set_header proxy_set_header directive is used to redefine the header or append fields to the request header of the proxy server. This value can contain text, variables, or a combination of text variables.

Proxy_set_header Host $host; Host is custom text, and the $host variable is a built-in variable in Nginx to get the current hostname

Proxy_set_header Port $proxy_port; Port is custom text, and the $proxy_port variable is also a built-in variable in Nginx, which is used to obtain the host port of the nginx agent

Proxy_set_header X-Real-IP $remote_addr; X-Real-IP is custom text, and the $remote_addr variable is also a built-in variable in Nginx, which is used to obtain the real client IP address, which is the same as $remote_addr in Nginx.

The above configuration is case-insensitive for HTTP premium content.

Explanation of Tomcat log format

In the conf/server.xml file under the tomcat home directory, navigate to the logs field to modify the tomcat log format

Vim conf/server.xml

Prefix prefix is used to specify the prefix of the tomcat access log

Suffix suffix is used to specify the suffix of the tomcat access log

Pattern pattern is used to specify the output format of the tomcat access log

The supported formats for access logs are as follows:

% a-remote IP address% A-Local IP address% b-Bytes sent, excluding HTTP headers, or "-" if bytes are not sent B-bytes sent Excluding HTTP header% h-remote hostname% H-request protocol% l-(lowercase L)-remote logic from the username of identd (always return'-')% m-request method% p-local port% Q-query string (preceded by a "?" If it exists, otherwise it is an empty string% r-request for the first line% s-HTTP status code for the response% S-user session ID%t-date and time In common log format% u-remote user authentication% U-URL path of the request% v-local server name (access domain name)% D-time to process the request (in milliseconds)% T-time to process the request (in seconds)% I-(uppercase I)-name of the thread of the current request

In addition, you can write to the log file the query parameters of the request request, the value of the session session variable, the cookie value, or the variable value of the content of the HTTP request / response header. It mimics the syntax of apache:

% {XXX} I xxx represents incoming header (HTTP Request)% {XXX} o xxx represents outgoing response header (Http Resonse)% {XXX} c xxx represents specific Cookie name% {XXX} r xxx represents ServletRequest attribute name% {XXX} s xxx represents attribute name in HttpSession configure Tomcat logging customer real IP

This configuration requires modifying the log format of Tomcat to support recording the real IP address of the client, which is not allowed by default. The real client IP address cannot be obtained by using% an in the log format in the Nginx+Tomcat schema, and the real client IP address can be obtained by accessing Tomcat directly. If you want to record the real client IP address in the Nginx+Tomcat schema, you need to add the% {X-Real-IP} I configuration to the log format to obtain,% {X-Real-IP} I is the text we specified in the Nginx location configuration section to get the value of the $remote_addr variable, which is passed to Tomcat here. % {Port} I is also the text we defined in Nginx to get the back-end forwarding port, which also forwards the value to Tomcat.

The above log output format is separated by spaces by default. I have typesetted the above format. The tomcat output access log is as follows:

1.% t date and time 2.% {X-Real-IP} I client real IP address 3.% Nginx% p remote IP (Nginx proxy IP), remote port (the port on which the client accesses Nginx) 4.% Nginx% {Port} I local IP address and accessed local port 5.% m HTTP request method 6.% s request status code 7.% S user session ID8. % u remote user authentication 9.% H HTTP request protocol 10.% v-accessed domain 11.% U-accessed URL12. The number of bytes sent by% b, excluding the HTTP header, or "-" if the byte 13.% T Tomcat processing time (in seconds) 14.% I (uppercase I) the name of the currently requested thread is not sent, the study on "how to get the real client IP address after the Nginx agent" is over, hoping to solve everyone's doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.