Real IP not working?

Alexander Kolesen kolesen.a at gmail.com
Sun Dec 4 18:36:48 UTC 2011


> Hi. Nginx 1.0.8 proxying to Apache 2. My version of PHP is 5.3.8, but
> that's irrelevant I suppose. 
> 
> Nginx is with Real IP module. I have the following in my conf file: 
> 
> 
> [code]
> set_real_ip_from   192.168.1.0/24;
> set_real_ip_from   192.168.2.1;
> set_real_ip_from   127.0.0.1;
> set_real_ip_from   [..my server ip..];
> real_ip_header     X-Real-IP;
> [/code]
> 
> 
> Apache is also with module RPAF. And there's this bit in httpd.conf: 
> 
> 
> [code]
> LoadModule rpaf_module /usr/lib64/httpd/modules/mod_rpaf-2.0.so
> <IfModule mod_rpaf.c>
> RPAFenable On
> RPAFproxy_ips  0.0.0.0  127.0.0.1  [...my server IPs...]
> RPAFsethostname On
> RPAFheader X-Real-IP
> </IfModule>
> [/code]
> 
> 
> Yet, in Apache log, the client IPs are not shown. All the IPs in the log
> are my own server's IP! 
> 
> How can I make sure that Apache shows the end user's IP?

You shouldn't use ngx_http_realip_module for issues like this.
Just set X-Real-IP header to $remote_addr variable value 
in your location section with 'proxy_pass' directive 
(or 'fastcgi_pass' or whatever you use).

Like the following:

    location / {
...
        proxy_pass                 http://<backend_ip>:<backend_port>;
        proxy_set_header           Host             $host;
+       proxy_set_header           X-Real-IP        $remote_addr;
...
    }

Your mod_rpaf config have already correctly set up to handle X-Real-IP header 
and consider it as the end user's IP.

Also, you shouldn't use the RPAFsethostname option turned 'On' unless you
set X-Host header in the nginx config before passing request to backend. Just turn it 'Off'.



More information about the nginx mailing list