前言

通过

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
    <version>2.3.12.RELEASE</version>
</dependency>

引入了

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-autoconfigure</artifactId>
    <version>2.3.12.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.apache.tomcat.embed</groupId>
    <artifactId>tomcat-embed-core</artifactId>
    <version>9.0.46</version>
</dependency>

引入点

customizeRemoteIpValve:175, TomcatWebServerFactoryCustomizer (org.springframework.boot.autoconfigure.web.embedded)
customize:86, TomcatWebServerFactoryCustomizer (org.springframework.boot.autoconfigure.web.embedded)
customize:61, TomcatWebServerFactoryCustomizer (org.springframework.boot.autoconfigure.web.embedded)
lambda$postProcessBeforeInitialization$0:72, WebServerFactoryCustomizerBeanPostProcessor (org.springframework.boot.web.server)
accept:-1, 654232823 (org.springframework.boot.web.server.WebServerFactoryCustomizerBeanPostProcessor$$Lambda$333)
lambda$null$0:287, LambdaSafe$Callbacks (org.springframework.boot.util)
get:-1, 1039022700 (org.springframework.boot.util.LambdaSafe$Callbacks$$Lambda$330)
invoke:159, LambdaSafe$LambdaSafeCallback (org.springframework.boot.util)
lambda$invoke$1:286, LambdaSafe$Callbacks (org.springframework.boot.util)
accept:-1, 113602559 (org.springframework.boot.util.LambdaSafe$Callbacks$$Lambda$329)
forEach:1257, ArrayList (java.util)
forEach:1080, Collections$UnmodifiableCollection (java.util)
invoke:286, LambdaSafe$Callbacks (org.springframework.boot.util)
postProcessBeforeInitialization:72, WebServerFactoryCustomizerBeanPostProcessor (org.springframework.boot.web.server)
postProcessBeforeInitialization:58, WebServerFactoryCustomizerBeanPostProcessor (org.springframework.boot.web.server)
applyBeanPostProcessorsBeforeInitialization:415, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
initializeBean:1791, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
doCreateBean:594, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
createBean:516, AbstractAutowireCapableBeanFactory (org.springframework.beans.factory.support)
lambda$doGetBean$0:324, AbstractBeanFactory (org.springframework.beans.factory.support)
getObject:-1, 1940601516 (org.springframework.beans.factory.support.AbstractBeanFactory$$Lambda$176)
getSingleton:234, DefaultSingletonBeanRegistry (org.springframework.beans.factory.support)
doGetBean:322, AbstractBeanFactory (org.springframework.beans.factory.support)
getBean:207, AbstractBeanFactory (org.springframework.beans.factory.support)
getWebServerFactory:212, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
createWebServer:177, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
onRefresh:158, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
refresh:545, AbstractApplicationContext (org.springframework.context.support)
refresh:143, ServletWebServerApplicationContext (org.springframework.boot.web.servlet.context)
refresh:755, SpringApplication (org.springframework.boot)
refresh:747, SpringApplication (org.springframework.boot)
refreshContext:402, SpringApplication (org.springframework.boot)
run:312, SpringApplication (org.springframework.boot)
run:1247, SpringApplication (org.springframework.boot)
run:1236, SpringApplication (org.springframework.boot)

在创建tomcat容器时的ServletWebServerApplicationContext#createWebServer。

ServletWebServerFactory factory = getWebServerFactory();
this.webServer = factory.getWebServer(getSelfInitializer());

getWebServerFactory()方法会从beanFactory中获取ServletWebServerFactory对象。构造这个bean的过程中，会执行提前注册好的WebServerFactoryCustomizerBeanPostProcessor。
WebServerFactoryCustomizerBeanPostProcessor.postProcessBeforeInitialization会获取所有实现WebServerFactoryCustomizer的bean，并执行他们的customize()方法。
这其中就包括TomcatWebServerFactoryCustomizer，这里增加了tomcat专用的一些features.

Customization for Tomcat-specific features common for both Servlet and Reactive servers.

其中的customizeRemoteIpValve()方法会根据条件向tomcat中加入RemoteIpValve

customizeRemoteIpValve()方法内部会通过CloudPlatform类判断当前是否是一些云或容器环境，比如k8s等。如果是的话，就会在tomcat的engineValves中加入RemoteIpValve

RemoteIpValve

tomcat会将原始的http报文封装成org.apache.catalina.connector.Request，我们可以从中获取到remoteAddr和http header。
RemoteIpValve中，首先判断remoteAddr是否是内部代理地址，内部代理默认是所有的内网ip。
一般微服务接收到的请求都是经过gateway服务调用的，所以这一步判断都是true。判断为true后，RemoteIpValve会从右向左遍历X-Forwarded-Forheader。移除遇到的内网ip，直到见到第一个公网ip。将这个公网ip从X-Forwarded-For中移除，放至remoteAddr中。RemoteIpValve的javadoc有更多的例子。
例如：

property	Value Before RemoteIpValve	Value After RemoteIpValve
request.remoteAddr	192.168.0.10	140.211.11.130
request.header['x-forwarded-for']	140.211.11.131, 140.211.11.130, 192.168.0.11, 192.168.0.10	140.211.11.131

因为这块逻辑，我们在Spring中获取到的x-forwarded-forheader可能与原始http报文不一致，user ip这是会被放到remoteAddr字段中。

题外话

如果使用x-forwarded-for的第一个ip作为用户ip，实际是不安全的。因为用户可以伪造x-forwarded-for。但如果使用云厂商的应用防火墙/反向代理服务的话，云厂商一般会x-forwarded-for添加用户真实ip。

比如
用户发起请求时，设置 x-forwarded-for: 111.111.111.111，111.111.111.111可以为任意伪造ip。
微服务收到的http报文为

x-forwarded-for: 111.111.111.111, 云厂商公网ip, 用户真实ip, 网关内网ip

经过RemoteIpValve处理后，从Spring上下文中获取的是

x-forwarded-for: 111.111.111.111, 云厂商公网ip

remoteAddr为用户真实ip。

但也不能直接使用remoteAddr作为用户真实ip，因为如果在云厂商服务和网关之间，自行配置了负载均衡服务，而这个服务的配置没有处理好的话，
微服务收到的http报文会变成

x-forwarded-for: 111.111.111.111, 云厂商公网ip, 用户真实ip, 负载均衡服务内网ip, 111.111.111.111, 网关内网ip

再经过RemoteIpValve处理后，从Spring上下文中获取的是

x-forwarded-for: 111.111.111.111, 云厂商公网ip, 用户真实ip, 负载均衡服务内网ip,

remoteAddr为用户伪造的111.111.111.111。

所以想在微服务中获取用户的真实ip，需要根据实际的网络链路配置，进行相应的判断，提取出云厂商服务设置的用户真实ip。