Pass real ip via nginx

Posted: Wed Jul 09, 2014 8:17 am
by Danpiel
Hello, several customers are using the mod_authz features of the Apache server, especially IP-based filtering for parts of websites, but nginx doesn't pass the remote IP to the Apache server; it uses the server IP address for all requests.

Please add these changes to the next updates of Vesta.

In the nginx templates (/usr/local/vesta/data/templates/web/nginx/), add more options after proxy_pass:

Code:

....
proxy_pass http://%ip%:%web_port%;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
...

As for Apache, there is mod_rpaf. Here is the config; note that you need to change RPAFproxy_ips YOUR_SERVER_IP:

Code:

<IfModule rpaf_module>
    RPAFenable On

    # When enabled, take the incoming X-Host header and
    # update the virtualhost settings accordingly:
    RPAFsethostname On

    # Define which IP's are your frontend proxies that sends
    # the correct X-Forwarded-For headers:
    RPAFproxy_ips 127.0.0.1 ::1
    RPAFproxy_ips YOUR_SERVER_IP

    # Change the header name to parse from the default
    # X-Forwarded-For to something of your choice:
#   RPAFheader X-Real-IP
</IfModule>

Resave the website configs in the Vesta panel and all access rules should now work.

Strange that Vesta uses the external server IP for proxying instead of loopback or a unix socket.
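
Why the RPAFproxy_ips list in the post above matters, as an added example (not part of the original post and not mod_rpaf's own code): a Python model of the trusted-proxy check, in which X-Forwarded-For is honoured only when the connection comes from a listed proxy. The function names are hypothetical, and 203.0.113.10 (standing in for YOUR_SERVER_IP) and 198.51.100.7 are constructed addresses.

```python
import ipaddress

def nginx_add_xff(incoming_xff, remote_addr):
    """Model of nginx's $proxy_add_x_forwarded_for: append $remote_addr
    to whatever X-Forwarded-For value the client sent, if any."""
    return f"{incoming_xff}, {remote_addr}" if incoming_xff else remote_addr

def resolve_client_ip(peer_ip, xff, trusted_proxies):
    """Return the address that IP-based access rules should evaluate.

    peer_ip         -- source address of the connection reaching the backend
    xff             -- X-Forwarded-For header value, or None
    trusted_proxies -- addresses/networks playing the role of RPAFproxy_ips
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def trusted(ip):
        addr = ipaddress.ip_address(ip)  # raises ValueError if malformed
        return any(addr in net for net in nets)

    # The header is only believed when a listed proxy delivered the request.
    if not xff or not trusted(peer_ip):
        return peer_ip

    # Walk right to left: the rightmost entries were appended by our proxies,
    # anything further left than the first untrusted hop is client-supplied.
    client = peer_ip
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            hop_is_proxy = trusted(hop)
        except ValueError:
            break  # malformed entry: keep the last valid address
        client = hop
        if not hop_is_proxy:
            break
    return client

if __name__ == "__main__":
    PROXY = "203.0.113.10"   # constructed stand-in for YOUR_SERVER_IP
    CLIENT = "198.51.100.7"  # constructed visitor address
    header = nginx_add_xff(None, CLIENT)
    # Proxy listed: the visitor's address is restored.
    print(resolve_client_ip(PROXY, header, ["127.0.0.1", "::1", PROXY]))
    # Proxy not listed: every request appears to come from the server IP.
    print(resolve_client_ip(PROXY, header, ["127.0.0.1", "::1"]))
```

Keeping the trusted list limited to the proxy's own addresses is what stops a header sent straight to the backend from deciding which access rule applies.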

Re: Pass real ip via nginx

Posted: Wed Jul 09, 2014 2:43 pm
by erldcrtz
I would suggest you submit an enhancement request in their bug tracker if you want this to be heard right away.

https://bugs.vestacp.com