четверг, 26 декабря 2019 г.

Nginx proxy & real IP to apache 2.4.6

In centos7  apache 2.4.6 uses module remoteip instead  rpaf.
to check if module available run:

 httpd -M | grep remoteip

response should be like :

 remoteip_module (shared)

Then create file /etc/httpd/conf.modules.d/remoteip.conf:

<IfModule remoteip_module>
  RemoteIPHeader X-Forwarded-For

where - internal IP your nginx proxy

In the /etc/httpd/conf/httpd.conf file replace %h to %a in rows LogFormat

nginx conf should contain next rows:

    location / {

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://your_site.com;

After that, you can see real IP in logs and can set real IP in restriction rules in apache conf files.