Apache Reverse Proxy to Nginx

phreek nginx-forum at nginx.us
Thu Dec 29 02:16:53 UTC 2011


Hello guys,

I'm having a bit of trouble with getting the proper REMOTE_ADDR client
address on my server.

The current configuration is Apache ReverseProxy (mod_security) --->
Ngninx ---> PHP-FPM.

Apache is listening on a public IP, nginx listens on 127.0.0.1, so does
PHP-FPM. My PHP app returns 127.0.0.1 for REMOTE_ADDR where it should be
returning the real client's IP address.

Apache VirtualHost config:


<VirtualHost XX.XX.XX.XX:80> #public IP
    ServerAdmin admin at domain.com
    DocumentRoot /home/domain/public_html
    ServerName www.domain.com

    RewriteEngine on

    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / http://127.0.0.1:8080/ # nginx
    ProxyPassReverse / http://127.0.0.1:8080/ # nginx

    ErrorLog logs/error_log
    CustomLog logs/access_log common
</VirtualHost>

-------------

Nginx config:

http {
        include       mime.types;
        default_type  application/octet-stream;
        client_max_body_size 10M;
        log_format  main  '$remote_addr - [$time_local] "$request"'
                      '"$http_user_agent" "$http_x_forwarded_for"';

#       large_client_header_buffers 16k;

        sendfile on;
        keepalive_timeout  0;
        server_tokens off;
        tcp_nopush off;

        ssl_certificate      cert.crt;
        ssl_certificate_key cert.key;
        ssl_ciphers
ECDHE-RSA-AES256-SHA:AES256-SHA:CAMELLIA256-SHA:DES-CBC3-SHA;
        # compression
        gzip  off;

        open_file_cache max=1000 inactive=20s;
        open_file_cache_valid    30s;
        open_file_cache_min_uses 2;
        open_file_cache_errors   off;

        upstream php_backend {
                ip_hash;
               server 127.0.0.1:9000 max_fails=3 fail_timeout=40s;
               server XX.XX.XX.XX:9000 max_fails=3 fail_timeout=40s;
        }

        server {
                listen 127.0.0.1:8080;
                listen 127.0.0.1:8443 ssl;
                server_name www.domain.com domain.com;

                # Disable access log to save I/O
               access_log off;

                root /home/domain/public_html;
                error_page 403 /404.html;
                error_page 404 /404.html;

                fastcgi_param  SERVER_PORT        $server_port;

                if ($server_port = 443){
                        set $https on;
                }

                if ($server_port = 80){
                        set $https off;
                }

                location / {
                        index index.php;
                }

                location ~*
\.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$
{
                        root /home/domain/public_html;
                        expires 30d;
                }

                location ~ \.php$ {
                        fastcgi_pass    php_backend;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME
$document_root$fastcgi_script_name;
                        fastcgi_param  SERVER_PORT        $server_port;
                        fastcgi_param HTTPS $https;
                        set_real_ip_from 127.0.0.1;
                        real_ip_header X-Forwarded-For;
                        include        fastcgi_params;
                }
        }

My question is: How would I make NGINX set REMOTE_ADDR to the IP in
X-Forwarded-For so when the PHP script tries to read
$_SERVER['REMOTE_ADDR'] it will return the IP address in
X-Forwarded-For

Right now it returns 127.0.0.1. Am i missing something?

Thanks in advance for any help you can provide.

-J

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220642,220642#msg-220642



More information about the nginx mailing list