Forwarding the real IP address of nginx clients to apache backends

Firstly we should add the following directives (in red) to our proxy configuration in our virtual host:

# Reverse proxy configuration
     location / {
     proxy_pass  https://192.168.0.1;
     proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
     proxy_redirect off;
     proxy_buffering off;
     proxy_set_header        Host            $host;
     proxy_set_header        X-Real-IP       $remote_addr;
     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
}

Although unfortunately be default apache does not see the forwarded IP addresses (at least not on Debian) - we need to install and configure the libapache2-mod-rpaf package:

sudo apt-get install libapache2-mod-rpaf

We then configure it:

nano /etc/apache2/mods-available/rpaf.conf

And ensure that the RPAFproxy_ips are set to your upstream (proxy / nginx) server(s.)

Restart apache:

sudo service apache2 restart

We should then be able to see the real IP address of the client in the logs e.g.:

tail -f /var/log/apache2/access.log