Hi On Thu, May 7, 2015 at 11:38 AM, Dewangga Bachrul Alam < [email protected]> wrote:
> Hello! > > Did anyone have same problem when configuring reverse proxy nginx + > apache, when the request came from nginx, the IP didn't shows real visitor. > > Example access.log: > 127.0.0.1 - - [07/May/2015:09:27:30 +0700] "GET / HTTP/1.0" 200 61925 > 127.0.0.1 - - [07/May/2015:09:27:35 +0700] "GET / HTTP/1.0" 200 61925 > 127.0.0.1 - - [07/May/2015:09:27:43 +0700] "GET / HTTP/1.0" 200 62367 > > My proxy config: > proxy_redirect off; > proxy_set_header Host $host; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header X-Forwarded-Proto https; > client_body_buffer_size 128k; > proxy_connect_timeout 90; > proxy_send_timeout 90; > proxy_read_timeout 90; > proxy_buffers 32 4k; > > In centos6, I got additional packages like mod_rpaf / > mod_extract_forwarded. But I didn't find any similiar packages on centos7. > > Any hints? > You don't have to use both X-Real-IP and X-Forwarded-For. Just put the one which actually used by the app. And it's safer to also use $remote_addr for X-Forwarded-For rather than $proxy_add_x_forwarded_for, since that header can be manipulated by the client. For the log, check your log format at apache, it probably logging remote_addr (or something like that, not sure what they call it at apache) rather than the IP specified by X-Forwarded-For or X-Real-IP. Change it accordingly. > ___________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx > -- regards, Nurahmadie --
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
