Hi Brandon, you have to add the IP address of your Apache httpd reverse proxy to the trusted_proxies <https://github.com/Graylog2/graylog2-server/blob/2.1.2/misc/graylog.conf#L124-L126> configuration setting so that it can override the client IP address.
Cheers,
Jochen

On Tuesday, 8 November 2016 14:14:07 UTC+1, BKeep wrote:
>
> Sorry, I forgot to add that in the original post.
> Graylog v2.1.1+01d50e5
> openJDK JAVA v1.8.0_102
> Apache v2.4.6
> CentOS 7.2 / 3.10.0-327.36.2.el7.x86_64
>
> Regards
>
> On Tuesday, November 8, 2016 at 2:09:38 AM UTC-6, Jochen Schalanda wrote:
>>
>> Hi Brandon,
>>
>> which version of Graylog are you using?
>>
>> Cheers,
>> Jochen
>>
>> On Tuesday, 8 November 2016 05:38:41 UTC+1, BKeep wrote:
>>>
>>> I have set up a proxy using Apache and it is working okay except for a
>>> few minor things. When I navigate to the user accounts page at
>>> https:/server.domain.tld/system/authentication, the IP that shows up for
>>> logged-in users is 127.0.0.1 when the expected IP would be the remote
>>> client. I did a little bit of googling and came across the RemoteIPHeader
>>> directive, but setting that didn't seem to make any difference. If anyone
>>> can give some guidance I would appreciate it.
>>>
>>> # Listen for requests on port 80
>>> # NameVirtualHost *:80
>>> <VirtualHost *:80>
>>>     ServerName server
>>>     Redirect permanent / https://server.domain.tld/
>>> </VirtualHost>
>>>
>>> <VirtualHost *:443>
>>>     ServerName server.domain.tld
>>>     ProxyRequests Off
>>>
>>>     # SSL Settings
>>>     SSLEngine on
>>>     SSLProtocol all -SSLv2 -SSLv3
>>>     SSLCertificateFile /etc/pki/tls/certs/cert.crt
>>>     SSLCertificateKeyFile /etc/pki/tls/private/key.key
>>>     SSLCertificateChainFile /etc/pki/tls/certs/SHA256.crt
>>>
>>>     <Proxy *>
>>>         Order deny,allow
>>>         Allow from all
>>>     </Proxy>
>>>
>>>     RemoteIPHeader X-Forwarded-For
>>>
>>>     <Location />
>>>         RequestHeader set X-Graylog-Server-URL "https://server.domain.tld/api/"
>>>         ProxyPass http://127.0.0.1:9000/
>>>         ProxyPassReverse http://127.0.0.1:9000/
>>>     </Location>
>>>     <Location /api/>
>>>         ProxyPass http://127.0.0.1:9000/api/
>>>         ProxyPassReverse http://127.0.0.1:9000/api/
>>>     </Location>
>>> </VirtualHost>
>>>
>>> Regards,
>>> Brandon
>>>
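
As an added illustration (not part of the thread and not Graylog's own code), this Python example shows the general trusted-proxy rule that a setting like `trusted_proxies` expresses: `X-Forwarded-For` is honoured only when the connecting peer is on the trusted list, so an untrusted client cannot choose the address that gets logged. The function names and the sample addresses are constructed for the example.

```python
import ipaddress


def parse_trusted(setting):
    """Parse a comma-separated CIDR list such as '127.0.0.1/32, ::1/128'."""
    return [ipaddress.ip_network(part.strip(), strict=False)
            for part in setting.split(",") if part.strip()]


def is_trusted(addr, trusted):
    """True if addr falls inside one of the trusted proxy networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted):
    """Return the address to record as the client of a request.

    peer_addr  -- address of the TCP peer (the proxy, when one is in front)
    xff_header -- raw X-Forwarded-For value, or None if absent
    trusted    -- networks returned by parse_trusted()
    """
    # A header sent by an untrusted peer is only a claim: ignore it.
    if not xff_header or not is_trusted(peer_addr, trusted):
        return peer_addr
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    candidate = peer_addr
    # Walk right to left: each proxy appends the address it saw, so
    # entries to the left of the first untrusted hop are unverified.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last verified address
        candidate = hop
        if not is_trusted(hop, trusted):
            break
    return candidate


if __name__ == "__main__":
    # Constructed sample: the proxy connects from 127.0.0.1 and forwards
    # a request from 203.0.113.7 (documentation address range).
    for setting in ("", "127.0.0.1/32"):
        nets = parse_trusted(setting)
        print(repr(setting), "->", client_ip("127.0.0.1", "203.0.113.7", nets))
```
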
