Apache Reverse Proxy to Nginx

dubstep · December 29, 2011, 3:17am

Hello guys,

I’m having a bit of trouble with getting the proper REMOTE_ADDR client
address on my server.

The current configuration is Apache ReverseProxy (mod_security) —>
Ngninx —> PHP-FPM.

Apache is listening on a public IP, nginx listens on 127.0.0.1, so does
PHP-FPM. My PHP app returns 127.0.0.1 for REMOTE_ADDR where it should be
returning the real client’s IP address.

Apache VirtualHost config:

#public IP
ServerAdmin [email protected]
DocumentRoot /home/domain/public_html
ServerName www.domain.com

RewriteEngine on

ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://127.0.0.1:8080/ # nginx
ProxyPassReverse / http://127.0.0.1:8080/ # nginx

ErrorLog logs/error_log
CustomLog logs/access_log common

Nginx config:

http {
include mime.types;
default_type application/octet-stream;
client_max_body_size 10M;
log_format main ‘$remote_addr - [$time_local] “$request”’
‘“$http_user_agent” “$http_x_forwarded_for”’;

large_client_header_buffers 16k;

    sendfile on;
    keepalive_timeout  0;
    server_tokens off;
    tcp_nopush off;

    ssl_certificate      cert.crt;
    ssl_certificate_key cert.key;
    ssl_ciphers

ECDHE-RSA-AES256-SHA:AES256-SHA:CAMELLIA256-SHA:DES-CBC3-SHA;
# compression
gzip off;

    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid    30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors   off;

    upstream php_backend {
            ip_hash;
           server 127.0.0.1:9000 max_fails=3 fail_timeout=40s;
           server XX.XX.XX.XX:9000 max_fails=3 fail_timeout=40s;
    }

    server {
            listen 127.0.0.1:8080;
            listen 127.0.0.1:8443 ssl;
            server_name www.domain.com domain.com;

            # Disable access log to save I/O
           access_log off;

            root /home/domain/public_html;
            error_page 403 /404.html;
            error_page 404 /404.html;

            fastcgi_param  SERVER_PORT        $server_port;

            if ($server_port = 443){
                    set $https on;
            }

            if ($server_port = 80){
                    set $https off;
            }

            location / {
                    index index.php;
            }

            location ~*

.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$
{
root /home/domain/public_html;
expires 30d;
}

            location ~ \.php$ {
                    fastcgi_pass    php_backend;
                    fastcgi_index  index.php;
                    fastcgi_param  SCRIPT_FILENAME

$document_root$fastcgi_script_name;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param HTTPS $https;
set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For;
include fastcgi_params;
}
}

My question is: How would I make NGINX set REMOTE_ADDR to the IP in
X-Forwarded-For so when the PHP script tries to read
$_SERVER[‘REMOTE_ADDR’] it will return the IP address in
X-Forwarded-For

Right now it returns 127.0.0.1. Am i missing something?

Thanks in advance for any help you can provide.

-J

Posted at Nginx Forum: