Pass real client IP to web servers


#1

Subject: Pass real client IP to web servers
Author: bdroste

I’m sure this has been asked before, but I can’t find an answer. I’m
running nginx-0.7.44 on a server, load balancing port 80 to port 8080 on
2 other servers running Apache. I am trying to figure out how to get
Nginx to pass the real IP address of the browser client through to the
web servers. The web servers always log the IP address of the Nginx
server instead of the client.

A Google search suggested that I needed to run a Apache proxy server on
each of my web servers that then pass the request on to my real web
server, so the headers are rewritten. That works, but it seems I should
be able to do this with Nginx and not need to run an intermediate web
server just to pass the traffic to my real web servers.

Here is my nginx.conf

worker_processes 4;

events {
worker_connections 8192;
}

http {
include mime.types;
default_type application/octet-stream;

sendfile        on;

keepalive_timeout  60;

proxy_set_header  Host $host;
proxy_set_header  X-Real-IP  $remote_addr;
proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

upstream serverpool {
   server 192.168.20.170:7080;
   server 192.168.20.171:8080;
}

server {
    listen 80;
    server_name www.mydomain.com;
    location / {
       proxy_pass http://serverpool;
       proxy_redirect default;
    }
}

}

Any help or clarification on the issue would be greatly appreciated.

Thanks,
Bruce

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,449,449#msg-449


#2

On Wed, Mar 25, 2009 at 4:53 PM, bdroste removed_email_address@domain.invalid
wrote:

  server {
    listen 80;
    server_name www.mydomain.com;
    location / {

maybe put this stuff here

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

     proxy_pass http://serverpool;
     proxy_redirect default;


#3

Hello!

On Wed, Mar 25, 2009 at 07:53:31PM -0400, bdroste wrote:

Subject: Pass real client IP to web servers
Author: bdroste

I’m sure this has been asked before, but I can’t find an answer. I’m running nginx-0.7.44 on a server, load balancing port 80 to port 8080 on 2 other servers running Apache. I am trying to figure out how to get Nginx to pass the real IP address of the browser client through to the web servers. The web servers always log the IP address of the Nginx server instead of the client.

A Google search suggested that I needed to run a Apache proxy server on each of my web servers that then pass the request on to my real web server, so the headers are rewritten. That works, but it seems I should be able to do this with Nginx and not need to run an intermediate web server just to pass the traffic to my real web servers.

[…]

proxy_set_header  X-Real-IP  $remote_addr;
proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

You should configure Apache to accept ip address from X-Real-IP or
X-Forwarded-For headers set by nginx (and from nginx server ip).
Take a look at mod_realip or mod_rpaf/mod_rpaf2 apache modules.

As you said that running Apache proxy on each of your web servers
fixes the issue - probably you already have one of the modules
above, but configured to accept X-Real-IP/X-Forwarded-For from
localhost only.

Maxim D.