4

How to get the original IP address in Apache2 behind Nginx

Nginx as a reverse proxy for Apache

A traditional setup is having Nginx as a frontend and then running Apache through reverse proxy. The Apache logs become full of just a single IP address, the accesses from the Nginx server – usually 127.0.0.1 if you are running both on the same server.

No more GeoIP decisions on the backend or any other feature by remote address.

But we know that Nginx passes along the original client IP address on a HTTP header named X-Forwarded-For to the backend server. It would be awesome if Apache could deal with that,

Have no fear, Reverse Proxy Add Forward is here!

Fortunately there is already a module that injects the IP on a special header to the HTTP request to Apache: mod_rpaf

The installation couldn’t be more simple than

$ sudo apt-get install libapache2-mod-rpaf

It will enabled it automatically

/etc/apache2/mods-enabled/rpaf.conf
/etc/apache2/mods-enabled/rpaf.load

In Nginx I usually include /etc/nginx/proxy.conf in my configuration. It already has these lines to help that everything works easily

proxy_set_header    Host            $host;
proxy_set_header    X-Real-IP       $remote_addr;
proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;

Just restart the Apache server

$ sudo service apache2 restart

But there’s a problem

Unfortunately it won’t work if you are using Ubuntu 12.04.

mod_rpaf is not working on Precise !

There is a bug with the package that is known to Canonical since last December as you can see in the bug track. Being a LTS version I don’t understand this attitude from them.

$ cat /etc/apache2/mods-enabled/rpaf.conf 
<IfModule mod_rpaf.c>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 ::1
</IfModule>

And the problem is that it is originally named mod_rpaf-2.0.c.

$ strings /usr/lib/apache2/modules/mod_rpaf.so | grep mod_rpaf
mod_rpaf.so
mod_rpaf-2.0.c
Enable mod_rpaf
Let mod_rpaf set the hostname from X-Host header and update vhosts

Just edit the first line of /etc/apache2/mods-enabled/rpaf.conf and change it to

<IfModule rpaf_module>

Restart again the Apache2 server and you will start to get all those remote IPs on your log files.

Conclusion

If it was not for the known bug this post could have been just one line to install mod_rpaf

:-)

4 Comments

  1. Hey. i have installed libapache2-mod-rpaf in apache restarted it and checked y conf in nginx :
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    but it isn’t working?

Leave a Reply