How to log the real client IP on embedded Tomcat access log on Spring Boot application with Nginx as reverse proxy?
Question
I have Nginx in front of a Spring Boot 1.3.3 application with Tomcat access log enabled, but the logging always write the proxy IP address (127.0.0.1) instead of the real client IP.
- Is the X-Real-IP header used to get the real client IP?
- Is this header used by tomcat to write the IP address in the access log?
I have this configuration:
application.properties
server.use-forward-headers=true
server.tomcat.internal-proxies=127\\.0\\.0\\.1
server.tomcat.accesslog.enabled=true
Nginx configuration:
location / {
proxy_pass http://127.0.0.1:8091;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
1 answers
solution1
4 ACCPTED 2016-04-01 13:12:18
The real client IP is available in $proxy_add_x_forwarded_for variable ie X-Forwarded-For header. It will have "," separated entries. The very first value is the real client IP.
To log the real client IP in Tomcat's access logs, modify the pattern value in the AccessLog Valve as:
%{X-Forwarded-For}i %l %u %t "%r" %s %b
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.