Nginx as a reverse proxy for Apache
A traditional setup is having Nginx as a frontend and then running Apache through reverse proxy. The Apache logs become full of just a single IP address, the accesses from the Nginx server – usually 127.0.0.1 if you are running both on the same server.
No more GeoIP decisions on the backend or any other feature by remote address.
But we know that Nginx passes along the original client IP address on a HTTP header named
X-Forwarded-For to the backend server. It would be awesome if Apache could deal with that,
Have no fear, Reverse Proxy Add Forward is here!
Fortunately there is already a module that injects the IP on a special header to the HTTP request to Apache:
The installation couldn’t be more simple than
$ sudo apt-get install libapache2-mod-rpaf
It will enabled it automatically
In Nginx I usually include
/etc/nginx/proxy.conf in my configuration. It already has these lines to help that everything works easily
proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Just restart the Apache server
$ sudo service apache2 restart
But there’s a problem
Unfortunately it won’t work if you are using Ubuntu 12.04.
mod_rpaf is not working on Precise !
There is a bug with the package that is known to Canonical since last December as you can see in the bug track. Being a LTS version I don’t understand this attitude from them.
$ cat /etc/apache2/mods-enabled/rpaf.conf <IfModule mod_rpaf.c> RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 ::1 </IfModule>
And the problem is that it is originally named
$ strings /usr/lib/apache2/modules/mod_rpaf.so | grep mod_rpaf mod_rpaf.so mod_rpaf-2.0.c Enable mod_rpaf Let mod_rpaf set the hostname from X-Host header and update vhosts
Just edit the first line of
/etc/apache2/mods-enabled/rpaf.conf and change it to
Restart again the Apache2 server and you will start to get all those remote IPs on your log files.
If it was not for the known bug this post could have been just one line to install