Hello! Recently discovered by my self, since apache 2.4.1 or latest, it was bundled with mod_remoteip. So, we didn't need any additional modules like mod_rpaf or mod_extract_forwarded.
On 05/07/2015 10:11 AM, Nurahmadie Nurahmadie wrote: > > On Thu, May 7, 2015 at 12:07 PM, Dewangga Bachrul Alam > <[email protected] <mailto:[email protected]>> wrote: > > Hello! > > On 05/07/2015 09:45 AM, Nurahmadie Nurahmadie wrote: > > Hi > > > > On Thu, May 7, 2015 at 11:38 AM, Dewangga Bachrul Alam > > <[email protected] <mailto:[email protected]> > <mailto:[email protected] > <mailto:[email protected]>>> wrote: > > > > Hello! > > > > Did anyone have same problem when configuring reverse proxy > nginx + > > apache, when the request came from nginx, the IP didn't shows real > > visitor. > > > > Example access.log: > > 127.0.0.1 - - [07/May/2015:09:27:30 +0700] "GET / HTTP/1.0" > 200 61925 > > 127.0.0.1 - - [07/May/2015:09:27:35 +0700] "GET / HTTP/1.0" > 200 61925 > > 127.0.0.1 - - [07/May/2015:09:27:43 +0700] "GET / HTTP/1.0" > 200 62367 > > > > My proxy config: > > proxy_redirect off; > > proxy_set_header Host $host; > > proxy_set_header X-Real-IP $remote_addr; > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > proxy_set_header X-Forwarded-Proto https; > > client_body_buffer_size 128k; > > proxy_connect_timeout 90; > > proxy_send_timeout 90; > > proxy_read_timeout 90; > > proxy_buffers 32 4k; > > > > In centos6, I got additional packages like mod_rpaf / > > mod_extract_forwarded. But I didn't find any similiar packages on > > centos7. > > > > Any hints? > > > > > > You don't have to use both X-Real-IP and X-Forwarded-For. Just put the > > one which actually used by the app. > > > > I just test using $_SERVER['REMOTE_ADDR']; and its only shows 127.0.0.1. > > > The remote_addr will always shows 127.0.0.1 since apache is requested by > nginx, which also binds on 127.0.0.1, not directly by users. > > > Anyway, it's should be fine to use them both (CMIIW). But I've tried it > and nothing changes, the visitors ips are not showed on apache logs. > > For additional information, I set the apache listen only to > 127.0.0.1:8080 <http://127.0.0.1:8080> and set the proxy pass to > http://127.0.0.1:8080; > > > And it's safer to also use $remote_addr for X-Forwarded-For rather > > than $proxy_add_x_forwarded_for, since that header can be manipulated by > > the client. > > > > For the log, check your log format at apache, it probably logging > > remote_addr (or something like that, not sure what they call it at > > apache) rather than the IP specified by X-Forwarded-For or X-Real-IP. > > Change it accordingly. > > > > > > Didn't know yet, you have any hints? :) > > > As I stated before, you want to change your log format to shows ip from > either X-Forwarded-For or X-Real-IP > > > _______________________________________________ > nginx mailing list > [email protected] <mailto:[email protected]> > http://mailman.nginx.org/mailman/listinfo/nginx > > > > > -- > regards, > Nurahmadie > -- > > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx > _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
