Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
P
P
Pavel Galkin2011-12-08 20:02:38
Nginx
Pavel Galkin, 2011-12-08 20:02:38

Logging visitor address in Nginx, Varnish, Apache bundle?

Good afternoon.
There is a bunch of Nginx -> Varnish -> Apache.
Nginx adds the client's ip as X-forwarded for, Varnish sticks nginx's ip to it.
Apache uses mod_rpaf to set REMOTE_IP to nginx's ip, not to the client.
If we remove varnish, everything works as it should - we get the client address in the Apache log.
How can I make the scripts in the remote-ip receive the client's ip in the current link as well?
Part of nginx config

proxy_pass <a href="http://127.0.0.1">127.0.0.1</a>:8081;<br/>
proxy_set_header Host $host;<br/>
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br/>
proxy_set_header X-Real-IP $remote_addr;

Apache2 config part
LoadModule rpaf_module modules/mod_rpaf.so<br/>
RPAFenable on<br/>
RPAFsethostname On<br/>
RPAFproxy_ips 127.0.0.1<br/>

Vanisha config is standard (we tried not too standard options, it didn’t work). If you remove the varnish, everything works as it should.
How to make the scripts in the remote-ip receive the client's ip in the original bundle as well?
Thank you.
UPDATE
The funny thing is that all this data is visible - varnishlog -c -o SessionOpen $IP, but they do not go beyond the varnish:
13 RxHeader c X-Forwarded-For: 90.157.47.15<br/>
 13 RxHeader c X-Real-IP: 90.157.47.15<br/>
 13 RxHeader c X-Forwarded-For-nginx: 90.157.47.15-nginx<br/>
 13 RxHeader c X-Real-IP-nginx: 90.157.47.15<br/>

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
P
Pavel Galkin, 2011-12-09
@skurudo

I tried it this way - only the server address still gets into Apache, whether RPAF is enabled or not.
I tried without manipulations, but for some reason they just don’t reach the Apache. It is necessary to exclude varnish from this chain, as everything becomes normal.
Version -3.0.2

Report
X
xaker1, 2011-12-08
@xaker1

What if you try to add
RPAFheader X-Forwarded-For-nginx
Apache to the config and replace proxy_set_header in the nginx config with In fact, nginx will shove ip into a different header that Vanisha will not know about.
proxy_set_header X-Forwarded-For-nginx $proxy_add_x_forwarded_for-nginx;

Report
I
Ivan, 2011-12-09
@iSage

Varnish config can be viewed? In the standard one, with X-Forwarded-For, all sorts of manipulations are performed, try commenting them out.

Report
I
Ivan, 2011-12-09
@iSage

Well, like this: The incoming header is deleted and the ngniks ip is set. My scheme is a little more complicated, ngniks-> varnish-> ngnix-> php-fpm and the second ngix comes as it should: ip-client, ip-ngniks. The config of ngniks is similar on these points. There are no manipulations with X-Forwarded-For in the varnish config (in this case, the default ones work) What version of the varnish?
remove req.http.X-Forwarded-For;
set req.http.X-Forwarded-For = client.ip;

Similar questions
D
DeniSidorenko2017-11-04 14:11:23
Does it make sense to do SEO optimization and security settings if the site is transferred to another hosting and another domain? 4Reply
F
foundationick2017-09-13 00:32:16
Nginx set requests limit per second, for requests with certain parameters in query or body (POST,GET)? 1Reply
I
Igor A2020-02-09 13:21:33
nginx routing. php7.0-fpm and php7.3-fpm on the same host? 1Reply
C
ciedooy2017-09-18 10:43:46
Nginx + php-fpm giving 500 requests/second? 2Reply
W
WebDev2017-09-18 15:08:40
How to write logs of visits to the site? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question