diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index d151e42..4db4888 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -130,8 +130,9 @@ class AuthController extends Controller
         // 递增访问次数
         $user->increment('visit_num');
 
-        // 更新最后登录IP和时间
+        // 更新最后登录IP和时间（同时将旧IP转移到 previous_ip 作上次登录记录）
         $user->update([
+            'previous_ip' => $user->last_ip,
             'last_ip' => $ip,
             'log_time' => now(),
             'in_time' => now(),
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 787856f..b622383 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -83,8 +83,10 @@ class UserController extends Controller
         // 拥有封禁IP（level_banip）或踢人以上权限的管理，可以查看IP和归属地
         $levelBanIp = (int) Sysparam::getValue('level_banip', '15');
         if ($operator && $operator->user_level >= $levelBanIp) {
-            $data['last_ip'] = $targetUser->last_ip;
-            // last_ip 在每次登录时更新，即为用户最近一次登录的 IP（本次IP）
+            $data['first_ip'] = $targetUser->first_ip;
+            // last_ip 目前定义为『上次登录IP』（取数据库 previous_ip）
+            $data['last_ip'] = $targetUser->previous_ip;
+            // login_ip 目前定义为『本次登录IP』（取数据库 last_ip）
             $data['login_ip'] = $targetUser->last_ip;
 
             // 解析归属地：使用 ip2region 离线库，直接返回原生中文（省|市|ISP）
diff --git a/app/Http/Middleware/CloudflareProxies.php b/app/Http/Middleware/CloudflareProxies.php
new file mode 100644
index 0000000..72eb73d
--- /dev/null
+++ b/app/Http/Middleware/CloudflareProxies.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class CloudflareProxies
+{
+    /**
+     * 文件功能：强制信任并解析 CDN 传导的真实客户端 IP。
+     * 解决 Herd 环境 / Nginx 本地反代时，丢失 X-Forwarded-For 导致全员 IP 变成 127.0.0.1 的问题。
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        // 优先采纳 Cloudflare 的 CF-Connecting-IP
+        if ($request->hasHeader('CF-Connecting-IP')) {
+            $realIp = $request->header('CF-Connecting-IP');
+            $request->server->set('REMOTE_ADDR', $realIp);
+            $request->headers->set('X-Forwarded-For', $realIp);
+        }
+        // 其次兜底常见的国内 CDN 厂商（如腾讯云 EdgeOne / 阿里云 DCDN）
+        elseif ($request->hasHeader('X-Real-IP')) {
+            $realIp = $request->header('X-Real-IP');
+            $request->server->set('REMOTE_ADDR', $realIp);
+            $request->headers->set('X-Forwarded-For', $realIp);
+        }
+
+        return $next($request);
+    }
+}
diff --git a/app/Models/User.php b/app/Models/User.php
index 34a2d3e..fb9f4ce 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -38,6 +38,7 @@ class User extends Authenticatable
         'user_level',
         'room_id',
         'first_ip',
+        'previous_ip',
         'last_ip',
         'usersf',
         'vip_level_id',
diff --git a/bootstrap/app.php b/bootstrap/app.php
index f259637..d574260 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -12,14 +12,17 @@ return Application::configure(basePath: dirname(__DIR__))
         health: '/up',
     )
     ->withMiddleware(function (Middleware $middleware) {
+        // 强制解析并信任 CDN (如 Cloudflare) 透传的真实 IP (最高优先级)
+        $middleware->prepend(\App\Http\Middleware\CloudflareProxies::class);
+
         // 信任所有代理转发头（腾讯 EdgeCDN HTTPS 回源 HTTP 场景）
         // CDN 携带 X-Forwarded-Proto: https，Laravel 据此将请求识别为 HTTPS，url()/route() 生成正确的 https:// 链接
         $middleware->trustProxies(at: '*');
 
         $middleware->alias([
-            'chat.auth'         => \App\Http\Middleware\ChatAuthenticate::class,
-            'chat.level'        => \App\Http\Middleware\LevelRequired::class,
-            'chat.site_owner'   => \App\Http\Middleware\SiteOwnerRequired::class,
+            'chat.auth' => \App\Http\Middleware\ChatAuthenticate::class,
+            'chat.level' => \App\Http\Middleware\LevelRequired::class,
+            'chat.site_owner' => \App\Http\Middleware\SiteOwnerRequired::class,
             'chat.has_position' => \App\Http\Middleware\HasActivePosition::class,
         ]);
 
diff --git a/database/migrations/2026_03_09_115008_add_previous_ip_to_users_table.php b/database/migrations/2026_03_09_115008_add_previous_ip_to_users_table.php
new file mode 100644
index 0000000..e53d879
--- /dev/null
+++ b/database/migrations/2026_03_09_115008_add_previous_ip_to_users_table.php
@@ -0,0 +1,28 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->string('previous_ip', 45)->nullable()->after('first_ip')->comment('真正的上一次登录IP');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->dropColumn('previous_ip');
+        });
+    }
+};
diff --git a/resources/views/chat/partials/user-actions.blade.php b/resources/views/chat/partials/user-actions.blade.php
index a2750c8..a452fe9 100644
--- a/resources/views/chat/partials/user-actions.blade.php
+++ b/resources/views/chat/partials/user-actions.blade.php
@@ -664,7 +664,9 @@
                         style="display: none; padding: 8px 10px; background: #fff5f5; border: 1px dashed #fca5a5;
                                border-top: none; border-radius: 0 0 8px 8px; font-size: 11px; color: #991b1b;">
                         <div style="display: flex; flex-direction: column; gap: 3px;">
-                            <div><span style="opacity: 0.8;">主要IP：</span><span x-text="userInfo.last_ip || '无'"></span>
+                            <div><span style="opacity: 0.8;">首次IP：</span><span x-text="userInfo.first_ip || '无'"></span>
+                            </div>
+                            <div><span style="opacity: 0.8;">上次IP：</span><span x-text="userInfo.last_ip || '无'"></span>
                             </div>
                             <div><span style="opacity: 0.8;">本次IP：</span><span x-text="userInfo.login_ip || '无'"></span>
                             </div>