nginx cannot obtain the client IP passed in X-Forwarded-For
Environment:
CentOS release 6.9 (Final)
nginx 1.6.1
Symptom: the nginx access.log records only a single IP
192.168.1.86 - - [29/Oct/2019:03:44:43 +0800] "GET /web/ HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:46:03 +0800] "GET /web HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:46:03 +0800] "GET /web/login.html HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:47:15 +0800] "GET /web HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:47:15 +0800] "GET /web/ HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:48:20 +0800] "GET /web HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:48:20 +0800] "GET /web/review-reward/evgroup/reward-evgroup-save HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:49:26 +0800] "GET /web HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:49:26 +0800] "GET /web/review-reward/evgroup/reward-evgroup-save HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:50:49 +0800] "GET /web HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:50:49 +0800] "GET /web/ HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:52:11 +0800] "GET /web HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:52:11 +0800] "GET /web/ HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:53:13 +0800] "GET /web HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
192.168.1.86 - - [29/Oct/2019:03:53:13 +0800] "GET /web/ HTTP/1.0" 200 15356 "-" "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; Trident/5.0)"
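There are two possible causes:
Cause 1: 192.168.1.86 may be a front-end device in the current network environment
Method A:
Configure this on the gateway device (the device model here is AD1800):
disable SNAT (source address translation)
Method B:
For an HTTP application, configure a layer-7 virtual service: under [Application Load] - [Policy] - [Optimization Policy], create a new optimization policy, enable passing the client IP to the back-end server, and associate the optimization policy with the virtual service. Once this is configured, the AD inserts an X-Forwarded-For header into the HTTP headers of the packets it forwards to the server. The value of that header is the client's real IP, so the server only needs to read the header to obtain the client's real IP.
Cause 2: the X-Forwarded-For value is not configured correctly
For the second cause, the fix is as follows:
1. Recompile nginx, adding the option --with-http_realip_module to the configure arguments
# Check the current nginx build arguments: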
[root@rui home]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.6.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-openssl=/root/openssl-1.0.2l/ --with-http_ssl_module --add-module=/root/nginx-sticky-module-1.1
[root@rui home]#
# Go to the nginx source directory and recompile, adding the --with-http_realip_module argument:
./configure --prefix=/usr/local/nginx --with-openssl=/root/openssl-1.0.2l/ --with-http_ssl_module --add-module=/root/nginx-sticky-module-1.1 --with-http_realip_module
# Build and install:
make && make install
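# Add the following to nginx.conf:
http
{
...
# Log format (log_format requires a name; reference that name from access_log)
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
...
}
server
{
...
set_real_ip_from 192.168.1.0/24; # requests arriving from this subnet are allowed to replace the client address
real_ip_header X-Forwarded-For; # replace $remote_addr with the value taken from X-Forwarded-For
...
}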
After reloading nginx, check the log again:
42.10.6.109 - - [12/Nov/2019:14:15:29 +0800] "GET /web/ HTTP/1.0" 301 278 "http://wangzhirui.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
51.178.18.228 - - [12/Nov/2019:14:15:44 +0800] "GET /web/j_spring_security_logout HTTP/1.0" 301 278 "http://wangzhirui.com/web/prpapprove/list-for-view?flag=init" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
51.178.18.228 - - [12/Nov/2019:14:15:44 +0800] "GET /weihu.html HTTP/1.0" 200 1894 "http://wangzhirui.com/egrantweb/prpapprove/list-for-view?flag=init" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
51.178.18.228 - - [12/Nov/2019:14:15:51 +0800] "GET / HTTP/1.0" 200 514 "http://wangzhirui.com/Program/" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
51.178.18.228 - - [12/Nov/2019:14:15:51 +0800] "GET /web/ HTTP/1.0" 301 278 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
51.178.18.228 - - [12/Nov/2019:14:15:51 +0800] "GET /weihu.html HTTP/1.0" 200 1894 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
51.178.81.210 - - [12/Nov/2019:14:15:54 +0800] "POST /web/review-reward/evgroup/reward-evgroup-save HTTP/1.0" 200 0 "http://wangzhirui.com/web/review-reward/evgroup/reward-group-manage?flag=init&atvtype=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
51.178.81.210 - - [12/Nov/2019:14:15:54 +0800] "POST /web/review-reward/evgroup/reward-group-manage?atvtype=1 HTTP/1.0" 200 9394 "http://wangzhirui.com/web/review-reward/evgroup/reward-group-manage?flag=init&atvtype=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
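The following is an added example, not code from the original post or from nginx: a simplified Python model of how the realip module chooses the address logged as $remote_addr for the set_real_ip_from / real_ip_header settings above, including real_ip_recursive, which the post does not use. It assumes the front-end device appends the real client address as the last X-Forwarded-For entry; every address other than 192.168.1.86 and 42.10.6.109 is constructed sample data.

```python
import ipaddress

def effective_client_ip(peer, xff, trusted, recursive=False):
    """Simplified model of how ngx_http_realip_module picks $remote_addr."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    current = ipaddress.ip_address(peer)
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # The header is consulted only while the current address is trusted
    # (set_real_ip_from); entries are consumed from the right.
    while hops and any(current in n for n in nets):
        try:
            current = ipaddress.ip_address(hops.pop())
        except ValueError:
            break                  # unparsable entry: keep the address we have
        if not recursive:          # real_ip_recursive off: take one entry only
            break
    return str(current)

PAGE_SUBNET = ["192.168.1.0/24"]   # set_real_ip_from value used on the page
PROXY_ONLY = ["192.168.1.86/32"]   # assumption: trust only the front-end device

# Constructed cases: (label, peer, X-Forwarded-For, trusted, recursive)
CASES = [
    ("via proxy", "192.168.1.86", "42.10.6.109", PAGE_SUBNET, False),
    ("forged entry, proxy appends", "192.168.1.86",
     "10.9.9.9, 42.10.6.109", PAGE_SUBNET, False),
    ("direct, untrusted peer", "203.0.113.7", "10.9.9.9", PAGE_SUBNET, False),
    ("LAN host, subnet trusted", "192.168.1.50", "10.9.9.9", PAGE_SUBNET, False),
    ("LAN host, proxy-only trust", "192.168.1.50", "10.9.9.9", PROXY_ONLY, False),
    ("two proxies, non-recursive", "192.168.1.86",
     "42.10.6.109, 192.168.1.20", PAGE_SUBNET, False),
    ("two proxies, recursive", "192.168.1.86",
     "42.10.6.109, 192.168.1.20", PAGE_SUBNET, True),
]

def run_cases():
    """Return {label: address that would be logged} for every case."""
    return {name: effective_client_ip(p, x, t, r) for name, p, x, t, r in CASES}

if __name__ == "__main__":
    for name, ip in run_cases().items():
        print(f"{name:28s} -> {ip}")
```

The "LAN host, subnet trusted" case is why set_real_ip_from should list only the proxy's own address: with the whole /24 trusted, any host on that subnet can choose the address that ends up in access.log.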