Keep client ip address
Igor Sysoev
is at rambler-co.ru
Sat Dec 30 21:26:05 MSK 2006
> I have the following system:
> - a machine doing NAT that sends all connections of port 9000 (testing
> purposes) to a machine turning nginx 4.14 at 192.168.1.21.
> - This machine sends the requests to 192.168.1.15, a machine running
> apache with mod_python and django.
>
> The forwarding works just great, but I would like the logs of Apache
> to use the client's IP, not 192.168.1.21, in order not to change
> anything for the different sites administrators.
>
> In order to do this, I've this configuration:
>
> server {
> listen 80;
> server_name www.mysite.com;
> # vhost specific logs
> access_log /var/log/nginx/www.mysite.com.access.log combined;
>
> #Set the max size for file uploads to 50Mb
> client_max_body_size 50M;
>
> location / {
> proxy_pass http://192.168.1.15;
> proxy_redirect off;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> set_real_ip_from 192.168.1.0/24;
> real_ip_header X-Real-IP;
> }
> }
>
> Is what i want to do possible? Does my approach make sense?
nginx passes a client address in X-Real-IP or X-Forwarded-For using
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
On Apache side you need to set mod_rpaf ( http://stderr.net/apache/rpaf/ )
On nginx side you do not need
set_real_ip_from 192.168.1.0/24;
real_ip_header X-Real-IP;
They do the same thing as mod_rapf for Apache.
> PS: Please include my mail address in your replies.
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list