We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Pass real ip via nginx
Pass real ip via nginx
Hello, several customers using mod_authz features of apache server, especially ip based filtering for website parts, but nginx doesn't pass remote ip to apache server, it uses server ip address for all requests.
Please add those changes to the next updates of vesta
In nginx templates (/usr/local/vesta/data/templates/web/nginx/) add more options after proxy_pass
As for apache, there is mod_rpaf, here is config, note that you need to change RPAFproxy_ips YOUR_SERVER_IP
Resave web site configs in vesta panel and all access rules should now work.
Strange that vesta uses external server ip for proxying instead of loopback or unix socket.
Please add those changes to the next updates of vesta
In nginx templates (/usr/local/vesta/data/templates/web/nginx/) add more options after proxy_pass
Code: Select all
....
proxy_pass http://%ip%:%web_port%;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
...
Code: Select all
<IfModule rpaf_module>
RPAFenable On
# When enabled, take the incoming X-Host header and
# update the virtualhost settings accordingly:
RPAFsethostname On
# Define which IP's are your frontend proxies that sends
# the correct X-Forwarded-For headers:
RPAFproxy_ips 127.0.0.1 ::1
RPAFproxy_ips YOUR_SERVER_IP
# Change the header name to parse from the default
# X-Forwarded-For to something of your choice:
# RPAFheader X-Real-IP
</IfModule>
Strange that vesta uses external server ip for proxying instead of loopback or unix socket.
Re: Pass real ip via nginx
I would suggest you to submit an enhancement request in their bug tracker if you want this to be heard right away
https://bugs.vestacp.com
https://bugs.vestacp.com