Wednesday 24 February 2016

Forwarding the real IP address of nginx clients to apache backends

Firstly we should add the following directives (in red) to our proxy configuration in our virtual host:

# Reverse proxy configuration
     location / {
     proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
     proxy_redirect off;
     proxy_buffering off;
     proxy_set_header        Host            $host;
     proxy_set_header        X-Real-IP       $remote_addr;
     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;


Although unfortunately be default apache does not see the forwarded IP addresses (at least not on Debian) - we need to install and configure the libapache2-mod-rpaf package:

sudo apt-get install libapache2-mod-rpaf

We then configure it:

nano /etc/apache2/mods-available/rpaf.conf

And ensure that the RPAFproxy_ips are set to your upstream (proxy / nginx) server(s.)

Restart apache:

sudo service apache2 restart

We should then be able to see the real IP address of the client in the logs e.g.:

tail -f /var/log/apache2/access.log


Post a Comment