<div dir="ltr">
<div>Seconding Thomas's reply - Optimally, this should be done at the application layer.</div><div>Configure
proxy_set_header to send the clients' real public IPs from the reverse
proxy to the upstream application. That way, your destination site will
see the real IP of every visitor, rather than the reverse proxy's IP. <br></div><div><br></div><div>proxy_set_header X-Real-IP $remote_addr;</div><div><br></div><div><a href="https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header" target="_blank">https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header</a></div><div><a href="https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/" target="_blank">https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/</a> </div><div><br></div><div><br></div><div>It is possible to trigger a bash script by watching your reverse proxy logs. Here is one way:<br></div><div><div><div>Determine
a pattern that will always match the nginx log lines that you want to
log; write a bash script to tail the nginx log, and grep for matching
lines; cut the values you want to collect from the log line, and insert
them into a database.</div><div>
To continuously watch for new visits, create a unit file to run the script as a system service.
</div><div><br></div><div>tail -Fn0 /path/to/access.log | grep --line-buffered "pattern here" | while read -r line;</div><div>do</div><div>ip=$(echo $line | cut -f 1 -d " ") && \<br></div><div>timestamp=$(echo $line | cut -f 4 -d " ") && \</div><div>mysql -u user -ppass -D dbname -e "INSERT INTO table(timestamp,ip) VALUES ($timestamp, $ip)";</div><div>done<br></div><div></div></div></div>
<div><br></div><div>However, I would strongly suggest avoiding that method for this specific task.<br></div><div><br></div>
<div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Jessica D. Dooley<br></div><div>Ohio Public Library Information Network<br></div><div><a href="mailto:jessica@oplin.ohio.gov" target="_blank">jessica@oplin.ohio.gov</a></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jul 11, 2022 at 5:02 PM Thomas Ward <<a href="mailto:teward@thomas-ward.net">teward@thomas-ward.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Reiterating my last statement, I don't think there's a way to configure <br>
this in NGINX out of the box, the closest thing I can think of is an Lua <br>
script that would be written to do this with the OpenRESTY Lua module, <br>
however I"m not a pro at that, and that's not Bash.<br>
<br>
If you don't need **absolute real time** though, you can probably <br>
achieve this with a passive logging method - using a dedicated access <br>
log for your specific site and then process and clean your access log <br>
when your script runs on an automatedtimer, but it's not 'realtime' or <br>
'on connect' in that approach. You can still extract IPs, hostnames <br>
requested, URIs, etc. from the logs if you configure it right.<br>
<br>
On 7/11/22 16:22, Saint Michael wrote:<br>
> I did not explain myself well.<br>
> My reverse proxy is at<br>
> <a href="https://bellingcat.oneye.us/" rel="noreferrer" target="_blank">https://bellingcat.oneye.us/</a><br>
> it goes to<br>
> <a href="https://www.bellingcat.com" rel="noreferrer" target="_blank">https://www.bellingcat.com</a><br>
> so, every time somebody opens Chrome and goes to <a href="https://belloingcat.oneye.us" rel="noreferrer" target="_blank">https://belloingcat.oneye.us</a><br>
> somewhere in my definition I need to fire a bash script (or any<br>
> script) with some parameters to record the address.<br>
> I cannot believe that was not considered.<br>
> Thanks for the help.<br>
><br>
> On Mon, Jul 11, 2022 at 3:49 PM Thomas Ward <<a href="mailto:teward@thomas-ward.net" target="_blank">teward@thomas-ward.net</a>> wrote:<br>
>> Ideally you would have your reverse proxy hand off to an application<br>
>> that does this. I don't think there's an inbuilt way to execute a given<br>
>> script every time someone connects via Bash. This is something your<br>
>> backend application should really be handling.<br>
>><br>
>> On 7/11/22 15:13, Saint Michael wrote:<br>
>>> I have a reverse proxy and need to execute a bash script each time<br>
>>> somebody connects to it.<br>
>>> What is the right way to do it? I need to update a database. A<br>
>>> parameter must be the public IP of the client.<br>
>>> _______________________________________________<br>
>>> nginx mailing list -- <a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
>>> To unsubscribe send an email to <a href="mailto:nginx-leave@nginx.org" target="_blank">nginx-leave@nginx.org</a><br>
>>><br>
<br>
_______________________________________________<br>
nginx mailing list -- <a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
To unsubscribe send an email to <a href="mailto:nginx-leave@nginx.org" target="_blank">nginx-leave@nginx.org</a><br>
</blockquote></div>