cb2.0 nginx_apache how to get real ip

alect

Verified User
Joined
Jan 12, 2011
Messages
17
I tried to install cb2.0 nginx_apache yesterday, and apache can't get the real client IP.

Apache/2.4.10 nginx 1.6.1
I edited the httpd.conf file to use the built-in module mod_remoteip.so:

#LoadModule remoteip_module /usr/lib/apache/mod_remoteip.so
RemoteIPHeader X-Real-IP
RemoteIPInternalProxy 127.0.0.1
But I still can't get the real client IP; the server-status page shows all 127.0.0.1.

Any suggestions?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,932
Location
GMT +7.00
Hello,

It gets real IPs, as you may see in $_SERVER with PHP or in the apache logs, but it shows an incorrect IP in apache's server status.

Make sure to have unzip installed on your server:

RHEL/CentOS
Code:
yum install unzip
Debian/Ubuntu
Code:
apt-get install unzip
You need to install mod_rpaf for that, as remoteip is buggy in this case:

Code:
cd /usr/local/src
wget https://github.com/y-ken/mod_rpaf/archive/master.zip
unzip master.zip
cd mod_rpaf-master
/bin/sed -i "s/remote_/client_/g" mod_rpaf-2.0.c
make && make install
and insert the following instructions:

Code:
LoadModule rpaf_module      /usr/lib/apache/mod_rpaf-2.0.so
<IfModule mod_rpaf-2.0.c>
    RPAFenable On
    RPAFproxy_ips 127.0.0.1 11.22.33.44
    RPAFsethostname On
    RPAFheader X-Client-IP
</IfModule>
into /etc/httpd/conf/extra/httpd-includes.conf

and replace 11.22.33.44 with a list of all public IPs on your network device.

and restart apache.
 

alect

It works. Thanks.
But when I use Cloudflare or Incapsula CDN services, it seems to only show the proxy IPs (Cloudflare IPs or Incapsula IPs) as the client IP,
and I have already added their IPs to the list. Any suggestions?
 

zEitEr

Do they [Cloudflare or Incapsula CDN] send a real ip of your visitors and how?
 

alect

Thank you all, folks.
I have found the answer via http://centminmod.com/nginx_configure_cloudflare.html

I have to modify nginx instead of apache.

Simply add this code to /etc/nginx/nginx.conf and it works.
# Incapsula
set_real_ip_from 199.83.128.0/21;
set_real_ip_from 198.143.32.0/19;
set_real_ip_from 149.126.72.0/21;
set_real_ip_from 103.28.248.0/22;
set_real_ip_from 45.64.64.0/22;
set_real_ip_from 185.11.124.0/22;
set_real_ip_from 192.230.64.0/18;
real_ip_header X-Forwarded-For;
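
As an added example (not part of the original post, and not nginx's own code): a simplified Python model of how an address is picked under the `set_real_ip_from` / `real_ip_header X-Forwarded-For` settings above, with and without nginx's `real_ip_recursive`. The function names and the sample peer and client addresses are constructed for illustration.

```python
import ipaddress

# Trusted proxy ranges, copied from the set_real_ip_from lines in the post.
TRUSTED = [ipaddress.ip_network(n) for n in (
    "199.83.128.0/21", "198.143.32.0/19", "149.126.72.0/21",
    "103.28.248.0/22", "45.64.64.0/22", "185.11.124.0/22",
    "192.230.64.0/18",
)]


def is_trusted(addr):
    """True if addr falls inside one of the trusted proxy ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED)


def resolve_client_ip(peer, xff, recursive=False):
    """Model of realip-style resolution (hypothetical helper).

    peer: address of the TCP connection as seen by the server.
    xff:  raw X-Forwarded-For header value, or None if absent.
    """
    current = peer
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # Walk the header right to left: the rightmost entry was appended by the
    # proxy closest to us; entries further left are client-controlled unless
    # every hop in between is a known proxy.
    for hop in reversed(hops):
        if not is_trusted(current):
            break  # current address is not a known proxy: header ignored
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # unparsable entry: keep the last good address
        current = hop
        if not recursive:
            break  # default mode takes only the last entry
    return current


if __name__ == "__main__":
    # Constructed requests: (peer address, X-Forwarded-For value, recursive)
    for peer, xff, rec in [
        ("198.51.100.20", "10.0.0.1", False),                # direct hit on origin
        ("199.83.128.5", "1.2.3.4, 203.0.113.7", False),     # forged first entry
        ("199.83.128.5", "203.0.113.7, 198.143.32.9", False),
        ("199.83.128.5", "203.0.113.7, 198.143.32.9", True),
    ]:
        print(peer, "|", xff, "| recursive:", rec, "->",
              resolve_client_ip(peer, xff, rec))
```

The first case shows why the trusted list matters: a header sent by a peer outside the listed ranges never replaces the connection address, so the origin cannot be fed a forged IP by bypassing the CDN.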
 

zEitEr

You probably need to replace

Code:
real_ip_header X-Forwarded-For;
with
Code:
real_ip_header X-Client-IP;
in nginx.conf and remember to modify /usr/local/directadmin/custombuild/configure/nginx_reverse/conf/nginx.conf and copy it to /usr/local/directadmin/custombuild/custom/nginx_reverse/conf/nginx.conf
 

alect

@zEitEr,
so far it works fine now,
I have checked the httpd logs,
everything looks good, and the apache server-status page shows correct IPs. :D
 

zEitEr

To protect your changes in nginx.conf you are recommended to put them into /usr/local/directadmin/custombuild/configure/nginx_reverse/conf/nginx.conf and copy it to /usr/local/directadmin/custombuild/custom/nginx_reverse/conf/nginx.conf. Otherwise you might lose them.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,495
Location
LT, EU
Some news: ap_get_remote_host() should be fixed today in Apache trunk so that server/core.c would correctly return useragent_ip, and not client_ip :) And patching could be included into CB 2.0 then.
 

smtalk

A patch is now added to CB 2.0 :) So, "./build update; ./build apache" is enough to fix the problem
 

gate2vn

Verified User
Joined
Nov 9, 2004
Messages
298
I hate to re-open an old thread, but I am facing this trouble on 2 servers. Both are running DA 1.49.1 with CB 2.0.0 (rev: 1457). The server-status page always shows the server IP, not user IPs. Here are the compiled modules. Am I missing anything?
# httpd -l
Compiled in modules:
core.c
mod_authn_file.c
mod_authn_dbm.c
mod_authn_anon.c
mod_authn_dbd.c
mod_authn_socache.c
mod_authn_core.c
mod_authz_host.c
mod_authz_groupfile.c
mod_authz_user.c
mod_authz_dbm.c
mod_authz_owner.c
mod_authz_dbd.c
mod_authz_core.c
mod_access_compat.c
mod_auth_basic.c
mod_auth_form.c
mod_auth_digest.c
mod_allowmethods.c
mod_file_cache.c
mod_cache.c
mod_cache_disk.c
mod_cache_socache.c
mod_socache_shmcb.c
mod_socache_dbm.c
mod_socache_memcache.c
mod_so.c
mod_macro.c
mod_dbd.c
mod_dumpio.c
mod_buffer.c
mod_ratelimit.c
mod_reqtimeout.c
mod_ext_filter.c
mod_request.c
mod_include.c
mod_filter.c
mod_substitute.c
mod_sed.c
mod_deflate.c
http_core.c
mod_mime.c
mod_log_config.c
mod_log_debug.c
mod_logio.c
mod_env.c
mod_expires.c
mod_headers.c
mod_unique_id.c
mod_setenvif.c
mod_version.c
mod_remoteip.c
mod_proxy.c
mod_proxy_connect.c
mod_proxy_ftp.c
mod_proxy_http.c
mod_proxy_fcgi.c
mod_proxy_scgi.c
mod_proxy_wstunnel.c
mod_proxy_ajp.c
mod_proxy_balancer.c
mod_proxy_express.c
mod_session.c
mod_session_cookie.c
mod_session_dbd.c
mod_slotmem_shm.c
mod_ssl.c
mod_lbmethod_byrequests.c
mod_lbmethod_bytraffic.c
mod_lbmethod_bybusyness.c
mod_lbmethod_heartbeat.c
mod_unixd.c
mod_dav.c
mod_status.c
mod_autoindex.c
mod_info.c
mod_suexec.c
mod_cgi.c
mod_dav_fs.c
mod_dav_lock.c
mod_vhost_alias.c
mod_negotiation.c
mod_dir.c
mod_actions.c
mod_speling.c
mod_userdir.c
mod_alias.c
mod_rewrite.c
 

smtalk

What's the version of apache? Please check "httpd -v".
 

gate2vn

I am using 2.4.17. But all is fine after running "./build rewrite_confs". Is that command fixing apache/nginx only, or other configurations such as exim, ftp, etc. too?

Thanks.
 

smtalk

The command affects WWW server configs only (in your case nginx&apache).
 

gate2vn

It would be nice that the command shows what it did with the config, or at least which file it restored :)

Thanks.
 