I just found out that removing proxy_set_header x-webobjects-remote-host 127.0.0.1;
gives me the right client IP in the logs. However: what's the side effect of removing this line? regards, infoomatic > Gesendet: Sonntag, 22. Februar 2015 um 21:48 Uhr > Von: Infoomatic <[email protected]> > An: [email protected] > Betreff: Aw: Re: [SOGo] using nginx > > thanks for the replies, it's still not working, my config: > > location = /principals/ > { > rewrite ^ 'https://$server_name/SOGo/dav'; > allow all; > } > location ^~/SOGo > { > proxy_pass 'http://127.0.0.1:20000'; > proxy_redirect 'http://127.0.0.1:20000' default; > # forward user's IP address > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header X-Forwarded-Proto https; > proxy_set_header Host $host; > proxy_set_header x-webobjects-server-protocol HTTP/1.0; > proxy_set_header x-webobjects-remote-host 127.0.0.1; > proxy_set_header x-webobjects-server-name $server_name; > proxy_set_header x-webobjects-server-url $scheme://$host; > proxy_set_header x-webobjects-server-port $server_port; > proxy_connect_timeout 90; > proxy_send_timeout 90; > proxy_read_timeout 90; > proxy_buffer_size 4k; > proxy_buffers 4 32k; > proxy_busy_buffers_size 64k; > proxy_temp_file_write_size 64k; > client_max_body_size 50m; > break; > } > > location ^~ /Microsoft-Server-ActiveSync { > proxy_pass > http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync; > proxy_redirect > http://127.0.0.1:20000/Microsoft-Server-ActiveSync /; > } > > location /SOGo.woa/WebServerResources/ > { > alias /usr/lib/GNUstep/SOGo/WebServerResources/; > allow all; > } > > location /SOGo/WebServerResources/ > { > alias /usr/lib/GNUstep/SOGo/WebServerResources/; > allow all; > } > > location (^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$) > { > alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2; > } > location > (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) > { > alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2; > } > > > regards, > infoomatic > > > > Gesendet: Sonntag, 22. Februar 2015 um 20:34 Uhr > > Von: "Jens Erat" <[email protected]> > > An: [email protected] > > Betreff: Re: [SOGo] using nginx > > > > Hi! > > > > My nginx configuration (which proxies to an Apache inside a Docker > > container) also sets `X-Forwarded-For`: > > > > proxy_set_header X-Real-IP $remote_addr; > > proxy_set_header X-Forwarded-For $remote_addr; > > > > I didn't test what happens if you directly interface SOGo with nginx, > > though. > > > > Regards from Lake Constance, Germany, > > Jens > > > > > > On 22.02.2015 18:43, Infoomatic wrote: > > > hi, > > > I wanted to use nginx with sogo and apply the fail2ban rules. Basically, > > > everything is working fine with nginx, but: > > > with the suggested nginx config (including "proxy_set_header X-Real-IP > > > $remote_addr;" from the sogo wiki) and nginx version 1.6.2, the > > > logfile only creates entries like: > > > SOGoRootPage Login from '127.0.0.1' for user 'afd' might not have worked > > > - password policy: 65535 grace: -1 expire: -1 bound: 0 > > > > > > The same host, with the suggested apache2 configuration gives me: > > > SOGoRootPage Login from 'XXX.XX.XX.XXX' for user 'aasd' might not have > > > worked - password policy: 65535 grace: -1 expire: -1 bound: 0 > > > > > > with my real IP and thus fail2ban working. > > > > > > Is there a workaround or some variables to change in source and recompile > > > to have this working? Or better: a configuration option I did not see? > > > > > > regards, > > > infoomatic > > > > > > > > > -- > > Jens Erat > > > > [phone]: tel:+49-151-56961126 > > [mail]: mailto:[email protected] > > [jabber]: xmpp:[email protected] > > [web]: http://www.jenserat.de > > > > OpenPGP: 0D69 E11F 12BD BA07 7B37 26AB 4E1F 799A A4FF 2279 > > > > > -- > [email protected] > https://inverse.ca/sogo/lists > -- [email protected] https://inverse.ca/sogo/lists
