Solution to obtain the source IP address. REMOTE_ADDR

[dsystem]

Ola!!! I'm Daniel of Brazil and new VestaCP fan. This weekend I put on my new server this excellent Panel.

I'm having a little problem that I solve with help from you.

I'm using:
Ubuntu 14.04.1 e VestaCP Version: 0.9.8 (amd64)

When I run this script. I have as a result the server IP.

Code: Select all

<?php
echo $_SERVER['REMOTE_ADDR'];
?>

When I run this script. I have as a result the client IP correctly.

Code: Select all

<?php
echo $_SERVER['HTTP_X_REAL_IP'];
?>

I noticed that vestaCP originally this configured to circumvent this problem.
/etc/apache2/mods-enabled/rpaf.conf

Code: Select all

<IfModule rpaf_module>
    RPAFenable On

    # When enabled, take the incoming X-Host header and
    # update the virtualhost settings accordingly:
    RPAFsethostname On

    # Define which IP's are your frontend proxies that sends
    # the correct X-Forwarded-For headers:
    RPAFproxy_ips 127.0.0.1 ::1 xxx.xxx.185.66 xxx.xxx.185.67

    # Change the header name to parse from the default
    # X-Forwarded-For to something of your choice:
#   RPAFheader X-Real-IP
</IfModule>

/etc/nginx/nginx.conf

Code: Select all

# Server globals
user                    nginx;
worker_processes        2;
error_log               /var/log/nginx/error.log;
pid                     /var/run/nginx.pid;


# Worker config
events {
        worker_connections  1024;
        use                 epoll;
}


http {
    # Main settings
    sendfile                        on;
    tcp_nopush                      on;
    tcp_nodelay                     on;
    client_header_timeout           1m;
    client_body_timeout             1m;
    client_header_buffer_size       2k;
    client_body_buffer_size         256k;
    client_max_body_size            100m;
    large_client_header_buffers     4   8k;
    send_timeout                    30;
    keepalive_timeout               60 60;
    reset_timedout_connection       on;
    server_tokens                   off;
    server_name_in_redirect         off;
    server_names_hash_max_size      512;
    server_names_hash_bucket_size   512;


    # Log format
    log_format  main    '$remote_addr - $remote_user [$time_local] $request '
                        '"$status" $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
    log_format  bytes   '$body_bytes_sent';
    #access_log          /var/log/nginx/access.log  main;
    access_log off;


    # Mime settings
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;


    # Compression
    gzip                on;
    gzip_comp_level     9;
    gzip_min_length     512;
    gzip_buffers        8 64k;
    gzip_types          text/plain text/css text/javascript
                        application/x-javascript;
    gzip_proxied        any;

 # Proxy settings
    proxy_redirect      off;
    proxy_set_header    Host            $host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass_header   Set-Cookie;
    proxy_connect_timeout   90;
    proxy_send_timeout  90;
    proxy_read_timeout  90;
    proxy_buffers       32 4k;


    # SSL PCI Compliance
    ssl_session_cache   shared:SSL:10m;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Error pages
    error_page          403          /error/403.html;
    error_page          404          /error/404.html;
    error_page          502 503 504  /error/50x.html;


    # Cache
    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m;
    proxy_cache_key "$host$request_uri $cookie_user";
    proxy_temp_path  /var/cache/nginx/temp;
    proxy_ignore_headers Expires Cache-Control;
    proxy_cache_use_stale error timeout invalid_header http_502;
    proxy_cache_valid any 3d;

    map $http_cookie $no_cache {
        default 0;
        ~SESS 1;
        ~wordpress_logged_in 1;
    }


    # Wildcard include
    include             /etc/nginx/conf.d/*.conf;
}

I have done some tests and researched a lot about the subject, so far I have not received a solution yet. I believe that for some reason the rpaf mod is not working.

[joem]

viewtopic.php?f=10&t=6488

[dsystem]

I tried all the tips in this topic cited. But it didn't work.

I found out that apache 2.4 has the remoteip native and the rpaf is no longer supported.

I'll put here changes in Ubuntu 14.04.1

Remove rpaf that doesn't work.
# apt-get remove libapache2-mod-rpaf

create the file remoteip.conf
# nano /etc/apache2/mods-available/remoteip.conf

Code: Select all

<IfModule mod_remoteip.c>
RemoteIPHeader X-Real-IP
RemoteIPInternalProxy 127.0.0.1
RemoteIPInternalProxy xxx.xxx.185.66 // server ip
</IfModule>

Activate remoteip which is native in Apache 2.4
a2enmod remoteip
service apache2 restart

Now works perfectly...

[rocoep]

Signed up on this board just to say thank you to Daniel. Your solution worked perfect.

My SMF forum was reporting the web servers IP address instead of the users real IP address. Your instructions fixed it.

Thanks for the help!!

[underdoggie]

Hi there,

This solution does not seem to work anymore on Debian 8.1 and VestaCP.

# apt-get remove libapache2-mod-rpaf
Does not remove the mod

and

a2enmod remoteip
shuts down Apache2

Apache works only after I
a2dismod remoteip

Any ideas?

Thanks.

[mike08]

Hi there,

This solution does not seem to work anymore on Debian 8.1 and VestaCP.

# apt-get remove libapache2-mod-rpaf
Does not remove the mod

and

a2enmod remoteip
shuts down Apache2

Apache works only after I
a2dismod remoteip

Any ideas?

Thanks.

Hey,

Do not activate remoteip, maybe the reason why it doesn't activate the mod its because its not installed?
Try apt-get install libapache2-mod-rpaf and then try this this: viewtopic.php?f=11&t=9498&p=33193#p33193

Make sure to make backups of your original config files before applying this on a presentation host.

Let us know if that works.

[xandehenrique]

I have ubuntu 14.04 64bit and me these methods did not work, still can not see origins of the IP's of visitors in prestashop.

[rasha]

Your solution worked perfect.


_________________
casinomagzine
one piece filler list
minimum age to work at starbucks

[skurudo]

Edited not solved.. ;-(

[dsystem]

This weekend I set up a new server with vestaCP version: 0.9.8 (amd64) Release: 15
14.04.4 Ubuntu LTS

I thought that in this version this bug already would be solved. But the problem persists.

Solved with the tip I posted above.