nginx doesn't forward ip in headers to apache (rpaf is enabled)
Solution 1
That's the correct behavior. Because only your applications (run on Apache) see the real IP. For example, install a sample application such as WordPress and install real-time analytics such as Piwik. Insert the Piwik code in WordPress footer and visit your WordPress site (after logging out). Now the Piwik would show the real IP instead of what is set at RPAFproxy_ips.
BTW, the /etc/apache2/mods-enabled/rpaf.conf file is missing one important directive. It should have RPAFheader. For example, my configuration file looks like this...
<IfModule mod_rpaf.c>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
RPAFheader X-Forwarded-For
</IfModule>
You may also use X-Real-IP in place of X-Forwarded-For. In either case, please make sure nginx is configured to send real IP in its header. For example, if you use X-Forwarded-For, then your nginx configuration should contain the following...
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $remote_addr;
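The trust rule behind RPAFproxy_ips and the forwarded header, as an added Python example (not code from this answer and not mod_rpaf's implementation): a forwarded address is honored only when the TCP peer is a listed proxy, and the header is read from the right because $proxy_add_x_forwarded_for appends to whatever the client sent. The function name and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumed values, mirroring RPAFproxy_ips and RPAFheader in the rpaf.conf above.
PROXY_IPS = frozenset(ipaddress.ip_address(a) for a in ("127.0.0.1", "::1"))
HEADER = "X-Forwarded-For"


def effective_client_ip(peer_ip, headers, proxy_ips=PROXY_IPS, header=HEADER):
    """Return the address the backend should log and match IP rules against.

    peer_ip: TCP peer address seen by the backend.
    headers: request headers as received by the backend (dict).
    """
    # Only a listed proxy may speak for the client; anyone else can forge the header.
    if ipaddress.ip_address(peer_ip) not in proxy_ips:
        return peer_ip
    raw = {k.lower(): v for k, v in headers.items()}.get(header.lower())
    if not raw:
        return peer_ip  # header never arrived: backend keeps seeing the proxy
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
    # sent, so the rightmost entries are the ones written by the proxy.
    for hop in reversed([h.strip() for h in raw.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip  # malformed entry: fall back rather than guess
        if addr not in proxy_ips:
            return str(addr)
    return peer_ip


if __name__ == "__main__":
    # Constructed requests using documentation addresses (not from the page).
    cases = [
        ("127.0.0.1", {"X-Forwarded-For": "203.0.113.7"}),
        ("127.0.0.1", {"X-Forwarded-For": "198.51.100.9, 203.0.113.7"}),
        ("127.0.0.1", {}),
        ("198.51.100.9", {"X-Forwarded-For": "10.0.0.1"}),
    ]
    for peer, hdrs in cases:
        print(peer, hdrs, "->", effective_client_ip(peer, hdrs))
```

The third case reproduces the symptom in the question: when the header does not reach the backend, every request appears to come from 127.0.0.1 and IP-based rules match the proxy instead of the client.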
Solution 2
Change the <IfModule ""> reference from mod_rpaf.c to rpaf_module.
This fixed the issue for me on Debian Squeeze and Ubuntu 12.04.
rush
Updated on September 18, 2022
Comments
-
rush over 1 year
I'm trying to set up nginx as front-end and apache as back-end on my server. All goes as usual, I've installed libapache2-mod-rpaf. But apache doesn't see real client ip and some .htaccess restrictions based on ip don't work at all, cause apache sees only local ip.
Here is nginx vhost configuration:
server {
    listen 80;
    server_name domain;
    location ~* ^/(admin/|dump/|) {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect http://domain:8080/ /;
    }
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect http://domain:8080/ /;
    }
    location ~* ^.+\.(jpg|swf|flv|ico|txt|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar)$ {
        access_log /var/www/logs/domain.nginx.access.log;
        error_page 404 = @fallback;
        if ( $host ~* ^((.*).domain)$ ) {
            set $proot /var/www/$1;
            break;
        }
        if ( $host = "domain" ) {
            break;
        }
        root /var/www/domain;
    }
    location @fallback {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
And here is apache vhost configuration:
<VirtualHost *:8080>
    ServerName domain
    DocumentRoot /var/www/domain
    DirectoryIndex index.php
    CustomLog /var/www/logs/domain.access.log combined
    ErrorLog /var/www/logs/domain.error.log
    ServerAdmin info@domain
    AddDefaultCharset utf8
    php_admin_value open_basedir "/var/www/mod-tmp:.:/var/www/domain"
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f webmaster@domain"
    php_admin_value upload_tmp_dir "/var/www/mod-tmp"
    php_admin_value session.save_path "/var/www/mod-tmp"
    AddType application/x-hwikipd-php .php .php3 .php4 .php5 .phtml
    AddType application/x-hwikipd-php-source .phps
    <Directory /var/www/domain>
        Options All
        AllowOverride All
    </Directory>
</VirtualHost>
As I can see in nginx log:
xxx.yyy.98.14 - - [28/Jan/2012:02:08:29 +0400] "GET / HTTP/1.0" 403 179 "-" "w3m/0.5.3"
It sees my real ip.
But in apache log it sees only local ip:
127.0.0.1 - - [28/Jan/2012:02:08:29 +0400] "GET / HTTP/1.0" 403 390 "-" "w3m/0.5.3"
rpaf is enabled.
$ cat /etc/apache2/mods-enabled/rpaf.conf
<IfModule mod_rpaf.c>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 ::1
</IfModule>
$ cat /etc/apache2/mods-enabled/rpaf.load
LoadModule rpaf_module /usr/lib/apache2/modules/mod_rpaf.so
$ ls -l /usr/lib/apache2/modules/mod_rpaf.so
-rw-r--r-- 1 root root 8488 Oct 17 20:47 /usr/lib/apache2/modules/mod_rpaf.so
So, what is wrong?
P.S. I have restarted nginx and apache several times after saving these configs, but there are no changes.
-
rush over 12 years
Hm, I changed rpaf.conf and nginx vhost settings as you said and restarted apache and nginx, but nothing changed. Do I need to do something else? BTW, I checked the same settings on another host and everything works well.
-
Pothi Kalimuthu over 12 years
I'm sorry, I shared what I've known. Maybe someone else might help you further, thanks.
-
Pothi Kalimuthu over 12 years
Okay, instead of RPAFheader X-Forwarded-For, please try RPAFheader X-Real-IP. Thanks.
-
Tuinslak almost 10 years
This solved it for me. Lots of guides use mod_rpaf and not rpaf_module. Be sure to place it in your vhosts, and not in your apache2.conf as well.