Reverse proxy configuration on el7

Hello!

Did anyone have same problem when configuring reverse proxy nginx +
apache, when the request came from nginx, the IP didn’t shows real
visitor.

Example access.log:
127.0.0.1 - - [07/May/2015:09:27:30 +0700] “GET / HTTP/1.0” 200 61925
127.0.0.1 - - [07/May/2015:09:27:35 +0700] “GET / HTTP/1.0” 200 61925
127.0.0.1 - - [07/May/2015:09:27:43 +0700] “GET / HTTP/1.0” 200 62367

My proxy config:
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;

In centos6, I got additional packages like mod_rpaf /
mod_extract_forwarded. But I didn’t find any similiar packages on
centos7.

Any hints?

Hi

On Thu, May 7, 2015 at 11:38 AM, Dewangga Bachrul Alam <
[email protected]> wrote:

My proxy config:

In centos6, I got additional packages like mod_rpaf /
mod_extract_forwarded. But I didn’t find any similiar packages on centos7.

Any hints?

You don’t have to use both X-Real-IP and X-Forwarded-For. Just put the
one
which actually used by the app.

And it’s safer to also use $remote_addr for X-Forwarded-For rather
than $proxy_add_x_forwarded_for,
since that header can be manipulated by the client.

For the log, check your log format at apache, it probably logging
remote_addr (or something like that, not sure what they call it at
apache)
rather than the IP specified by X-Forwarded-For or X-Real-IP. Change it
accordingly.

Hi ,
You must configure "X-Forwarded-For " in the apache log format to get
real IP client.
Regards
Aron

 On Thursday, May 7, 2015 9:39 AM, Dewangga Bachrul Alam 

[email protected] wrote:

Hello!

Did anyone have same problem when configuring reverse proxy nginx +
apache, when the request came from nginx, the IP didn’t shows real
visitor.

Example access.log:
127.0.0.1 - - [07/May/2015:09:27:30 +0700] “GET / HTTP/1.0” 200 61925
127.0.0.1 - - [07/May/2015:09:27:35 +0700] “GET / HTTP/1.0” 200 61925
127.0.0.1 - - [07/May/2015:09:27:43 +0700] “GET / HTTP/1.0” 200 62367

My proxy config:
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;

In centos6, I got additional packages like mod_rpaf /
mod_extract_forwarded. But I didn’t find any similiar packages on
centos7.

Any hints?

Hello!

On 05/07/2015 09:45 AM, Nurahmadie Nurahmadie wrote:

proxy_set_header X-Forwarded-Proto https;
Any hints?

You don’t have to use both X-Real-IP and X-Forwarded-For. Just put the
one which actually used by the app.

I just test using $_SERVER[‘REMOTE_ADDR’]; and its only shows 127.0.0.1.

Anyway, it’s should be fine to use them both (CMIIW). But I’ve tried it
and nothing changes, the visitors ips are not showed on apache logs.

For additional information, I set the apache listen only to
127.0.0.1:8080 and set the proxy pass to http://127.0.0.1:8080;

And it’s safer to also use $remote_addr for X-Forwarded-For rather
than $proxy_add_x_forwarded_for, since that header can be manipulated by
the client.

For the log, check your log format at apache, it probably logging
remote_addr (or something like that, not sure what they call it at
apache) rather than the IP specified by X-Forwarded-For or X-Real-IP.
Change it accordingly.

Didn’t know yet, you have any hints? :slight_smile:

On Thu, May 7, 2015 at 12:07 PM, Dewangga Bachrul Alam <
[email protected]> wrote:

Did anyone have same problem when configuring reverse proxy nginx +
proxy_set_header Host $host;
mod_extract_forwarded. But I didn't find any similiar packages on

The remote_addr will always shows 127.0.0.1 since apache is requested by
nginx, which also binds on 127.0.0.1, not directly by users.

the client.

For the log, check your log format at apache, it probably logging
remote_addr (or something like that, not sure what they call it at
apache) rather than the IP specified by X-Forwarded-For or X-Real-IP.
Change it accordingly.

Didn’t know yet, you have any hints? :slight_smile:

As I stated before, you want to change your log format to shows ip from
either X-Forwarded-For or X-Real-IP

Hello!

Recently discovered by my self, since apache 2.4.1 or latest, it was
bundled with mod_remoteip. So, we didn’t need any additional modules
like mod_rpaf or mod_extract_forwarded.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs