On September 1, 2019 2:52:36 PM UTC, Sean Dawson <seandawson2...@gmail.com> 
wrote:
>Hello, I'm trying to get the actual client IP address in the Tomcat
>access
>logs rather than the 127.0.0.1 that's coming from nginx.
>
>CentOS 7.6 (on AWS)
>Amazon Coretto 1.8.0_222.b10-1.x86_64
>Tomcat 8.5.45.0 (extracted from tar.gz)
>Nginx 1.12.2 (very basic setup)
>
>http (80) / https (443) to nginx
>Tomcat running on 8080
>
>localhost_access_log shows all requests coming from ip: 127.0.0.1
>
>How do I get it to show the real IP address coming in through nginx ?
>
>I've tried various combinations of these - and others (and in various
>sections of the nginx.conf)...
>
>proxy_set_header Host $host;
>proxy_set_header X-Real-IP $remote_addr;
>proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
>I've tried adding this to Tomcat server.xml (in the Engine section):
>
><Valve className="org.apache.catalina.valves.RemoteIpValve"
>    internalProxies="127\.0\.[0-1]\.1"
>    remoteIpHeader="x-forwarded-for"
>    requestAttributesEnabled="true"
>    protocolHeader="x-forwarded-proto"
>    protocolHeaderHttpsValue="https"/>
>
>(As well as trying changing https to http.)
>
>I've also tried modifying this based on something I found online but it
>didn't help:
>
> <Valve className="org.apache.catalina.valves.AccessLogValve"
>directory="logs"
>               prefix="localhost_access_log" suffix=".txt"
>               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

The remote ip valve looks ok.

Use the default access log valve but add requestAttributesEnabled="true"

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to