reverse proxy

Jessica Dooley jessica at oplin.ohio.gov
Mon Jul 11 21:05:41 UTC 2022


 Seconding Thomas's reply - Optimally, this should be done at the
application layer.
Configure proxy_set_header to send the clients' real public IPs from the
reverse proxy to the upstream application. That way, your destination site
will see the real IP of every visitor, rather than the reverse proxy's IP.

proxy_set_header X-Real-IP $remote_addr;

https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header
https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/


It is possible to trigger a bash script by watching your reverse proxy
logs. Here is one way:
Determine a pattern that will always match the nginx log lines that you
want to log; write a bash script to tail the nginx log, and grep for
matching lines; cut the values you want to collect from the log line, and
insert them into a database.
To continuously watch for new visits, create a unit file to run the script
as a system service.

tail -Fn0 /path/to/access.log | grep --line-buffered "pattern here" | while
read -r line;
do
ip=$(echo $line | cut -f 1 -d " ") && \
timestamp=$(echo $line | cut -f 4 -d " ") && \
mysql -u user -ppass -D dbname -e "INSERT INTO table(timestamp,ip) VALUES
($timestamp, $ip)";
done

However, I would strongly suggest avoiding that method for this specific
task.

Jessica D. Dooley
Ohio Public Library Information Network
jessica at oplin.ohio.gov


On Mon, Jul 11, 2022 at 5:02 PM Thomas Ward <teward at thomas-ward.net> wrote:

> Reiterating my last statement, I don't think there's a way to configure
> this in NGINX out of the box, the closest thing I can think of is an Lua
> script that would be written to do this with the OpenRESTY Lua module,
> however I"m not a pro at that, and that's not Bash.
>
> If you don't need **absolute real time** though, you can probably
> achieve this with a passive logging method - using a dedicated access
> log for your specific site and then process and clean your access log
> when your script runs on an automatedtimer, but it's not 'realtime' or
> 'on connect' in that approach.  You can still extract IPs, hostnames
> requested, URIs, etc. from the logs if you configure it right.
>
> On 7/11/22 16:22, Saint Michael wrote:
> > I did not explain myself well.
> > My reverse proxy is at
> > https://bellingcat.oneye.us/
> > it goes to
> > https://www.bellingcat.com
> > so, every time somebody opens Chrome and goes to
> https://belloingcat.oneye.us
> > somewhere in my definition I need to fire a bash script (or any
> > script) with some parameters to record the address.
> > I cannot believe that was not considered.
> > Thanks for the help.
> >
> > On Mon, Jul 11, 2022 at 3:49 PM Thomas Ward <teward at thomas-ward.net>
> wrote:
> >> Ideally you would have your reverse proxy hand off to an application
> >> that does this.  I don't think there's an inbuilt way to execute a given
> >> script every time someone connects via Bash.  This is something your
> >> backend application should really be handling.
> >>
> >> On 7/11/22 15:13, Saint Michael wrote:
> >>> I have a reverse proxy and need to execute a bash script each time
> >>> somebody connects to it.
> >>> What is the right way to do it? I need to update a database. A
> >>> parameter must be the public IP of the client.
> >>> _______________________________________________
> >>> nginx mailing list -- nginx at nginx.org
> >>> To unsubscribe send an email to nginx-leave at nginx.org
> >>>
>
> _______________________________________________
> nginx mailing list -- nginx at nginx.org
> To unsubscribe send an email to nginx-leave at nginx.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20220711/3a03dd12/attachment.htm>


More information about the nginx mailing list