Hi,
we're using nginx as a reverse proxy in front of our Graylog server. This
works fine apart from logging the client's IP address.
The following rule adds the IP address to our GELF HTTP input:

    rule "add ip"
    when
        true
    then
        set_field("ip", to_ip($message.gl2_remote_ip));
    end

If we post data to the input IP / port combination (http://<ip>:12202/gelf)
it works as expected.
We configured nginx as a reverse proxy as follows:

    server {
        listen 443 ssl;
        server_name log-input.server-name.de;
        ssl_certificate_key /etc/ssl/server.key;
        ssl_certificate /etc/ssl/server.crt;
        error_log /var/log/nginx/error.log debug;

        location / {
            proxy_pass http://127.0.0.1:12202;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host:443;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-Port 443;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Scheme $scheme;
            # testing remote addr combinations
            proxy_set_header REMOTE_ADDR $remote_addr;
            proxy_set_header Remote_Addr $remote_addr;
            # /testing remote addr combinations
            proxy_pass_request_headers on;
            proxy_connect_timeout 150;
            proxy_send_timeout 100;
            proxy_read_timeout 100;
            proxy_buffers 4 32k;
            client_max_body_size 8m;
            client_body_buffer_size 128k;
        }
    }

Unfortunately the logging result with post-requests to
*https://log-input.<server-name>.de/gelf* shows 127.0.0.1 as IP address,
instead of the real client *$remote_addr*.
The activated debug log (*/var/log/nginx/error.log*) shows the IP address
correctly. It seems that *gl2_remote_ip* does not handle HTTP headers as
expected.
Does anyone have a solution for our problem?
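
An added example (not part of the original post, and not Graylog code): the rule above reads `gl2_remote_ip`, which behind nginx is the proxy's own 127.0.0.1, so one option is a relay between nginx and the GELF HTTP input that copies the proxy-reported address into the message itself. The relay, the `_client_ip` field name and the trusted-proxy list are assumptions; the functions below are the header handling such a relay would apply to the `X-Forwarded-For` and `X-Real-IP` headers set in the config above.

```python
import ipaddress
import json

# Assumption: only nginx on the same host is allowed to vouch for a client.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]


def is_trusted(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on garbage
    return any(ip in net for net in TRUSTED_PROXIES)


def resolve_client_ip(peer_addr, headers):
    """Pick the client address the way the nginx config above reports it."""
    # Headers from a peer that is not our proxy are sender-controlled: ignore.
    if not is_trusted(peer_addr):
        return peer_addr
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
    # sent, so only the right-most untrusted hop was written by nginx.
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: stop reading the chain
    try:
        return str(ipaddress.ip_address(headers.get("X-Real-IP", "")))
    except ValueError:
        return peer_addr


def annotate_gelf(body, peer_addr, headers, field="_client_ip"):
    """Return the GELF JSON body with the resolved address as an extra field."""
    msg = json.loads(body)
    if not isinstance(msg, dict):
        raise ValueError("GELF payload must be a JSON object")
    # Overwrite unconditionally so a sender cannot pre-set the field itself.
    msg[field] = resolve_client_ip(peer_addr, headers)
    return json.dumps(msg).encode()
```

GELF additional fields arrive in Graylog without the leading underscore, so with such a relay the pipeline rule would read `$message.client_ip` in place of `$message.gl2_remote_ip`.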