Reverse proxy configuration on el7

Nurahmadie Nurahmadie nurahmadie at gmail.com
Thu May 7 02:45:11 UTC 2015


Hi

On Thu, May 7, 2015 at 11:38 AM, Dewangga Bachrul Alam <
dewanggaba at xtremenitro.org> wrote:

> Hello!
>
> Did anyone have same problem when configuring reverse proxy nginx +
> apache, when the request came from nginx, the IP didn't shows real visitor.
>
> Example access.log:
> 127.0.0.1 - - [07/May/2015:09:27:30 +0700] "GET / HTTP/1.0" 200 61925
> 127.0.0.1 - - [07/May/2015:09:27:35 +0700] "GET / HTTP/1.0" 200 61925
> 127.0.0.1 - - [07/May/2015:09:27:43 +0700] "GET / HTTP/1.0" 200 62367
>
> My proxy config:
> proxy_redirect off;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto https;
> client_body_buffer_size 128k;
> proxy_connect_timeout   90;
> proxy_send_timeout      90;
> proxy_read_timeout      90;
> proxy_buffers           32 4k;
>
> In centos6, I got additional packages like mod_rpaf /
> mod_extract_forwarded. But I didn't find any similiar packages on centos7.
>
> Any hints?
>

You don't have to use both X-Real-IP and X-Forwarded-For. Just put the one
which actually used by the app.

And it's safer to also use $remote_addr for X-Forwarded-For rather
than $proxy_add_x_forwarded_for,
since that header can be manipulated by the client.

For the log, check your log format at apache, it probably logging
remote_addr (or something like that, not sure what they call it at apache)
rather than the IP specified by X-Forwarded-For or X-Real-IP. Change it
accordingly.




> ___________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



-- 
regards,
Nurahmadie
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20150507/fd00891e/attachment.html>


More information about the nginx mailing list