diff --git a/src/main/java/com/gcsc/guide/auth/AuthController.java b/src/main/java/com/gcsc/guide/auth/AuthController.java
index a4975b7..8e10675 100644
--- a/src/main/java/com/gcsc/guide/auth/AuthController.java
+++ b/src/main/java/com/gcsc/guide/auth/AuthController.java
@@ -24,7 +24,6 @@ import lombok.extern.slf4j.Slf4j;
 
 import java.util.HashSet;
 import java.util.List;
-import java.util.Set;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
@@ -85,7 +84,7 @@ public class AuthController {
 
         activityService.recordLogin(
             userWithRoles.getId(),
-            httpRequest.getRemoteAddr(),
+            resolveClientIp(httpRequest),
             httpRequest.getHeader("User-Agent"));
 
         String token = jwtTokenProvider.generateToken(
@@ -143,4 +142,16 @@ public class AuthController {
         newUser.updateLastLogin();
         return userRepository.save(newUser);
     }
+
+    private String resolveClientIp(HttpServletRequest request) {
+        String xff = request.getHeader("X-Forwarded-For");
+        if (xff != null && !xff.isBlank()) {
+            return xff.split(",")[0].trim();
+        }
+        String realIp = request.getHeader("X-Real-IP");
+        if (realIp != null && !realIp.isBlank()) {
+            return realIp.trim();
+        }
+        return request.getRemoteAddr();
+    }
 }