In centos7 apache 2.4.6 uses module remoteip instead rpaf.
to check if module available run:
httpd -M | grep remoteip
response should be like :
remoteip_module (shared)
Then create file /etc/httpd/conf.modules.d/remoteip.conf:
<IfModule remoteip_module>
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 172.27.0.1
</IfModule>
In the /etc/httpd/conf/httpd.conf file replace %h to %a in rows LogFormat
nginx conf should contain next rows:
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
to check if module available run:
httpd -M | grep remoteip
response should be like :
remoteip_module (shared)
Then create file /etc/httpd/conf.modules.d/remoteip.conf:
<IfModule remoteip_module>
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 172.27.0.1
</IfModule>
where 172.27.0.1 - internal IP your nginx proxy
In the /etc/httpd/conf/httpd.conf file replace %h to %a in rows LogFormat
nginx conf should contain next rows:
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://your_site.com;
}
After that, you can see real IP in logs and can set real IP in restriction rules in apache conf files.
Комментариев нет:
Отправить комментарий