Reverse proxy configuration on el7
nurahmadie at gmail.com
Thu May 7 02:45:11 UTC 2015
On Thu, May 7, 2015 at 11:38 AM, Dewangga Bachrul Alam <
dewanggaba at xtremenitro.org> wrote:
> Did anyone have same problem when configuring reverse proxy nginx +
> apache, when the request came from nginx, the IP didn't shows real visitor.
> Example access.log:
> 127.0.0.1 - - [07/May/2015:09:27:30 +0700] "GET / HTTP/1.0" 200 61925
> 127.0.0.1 - - [07/May/2015:09:27:35 +0700] "GET / HTTP/1.0" 200 61925
> 127.0.0.1 - - [07/May/2015:09:27:43 +0700] "GET / HTTP/1.0" 200 62367
> My proxy config:
> proxy_redirect off;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto https;
> client_body_buffer_size 128k;
> proxy_connect_timeout 90;
> proxy_send_timeout 90;
> proxy_read_timeout 90;
> proxy_buffers 32 4k;
> In centos6, I got additional packages like mod_rpaf /
> mod_extract_forwarded. But I didn't find any similiar packages on centos7.
> Any hints?
You don't have to use both X-Real-IP and X-Forwarded-For. Just put the one
which actually used by the app.
And it's safer to also use $remote_addr for X-Forwarded-For rather
since that header can be manipulated by the client.
For the log, check your log format at apache, it probably logging
remote_addr (or something like that, not sure what they call it at apache)
rather than the IP specified by X-Forwarded-For or X-Real-IP. Change it
> nginx mailing list
> nginx at nginx.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx