[graylog2] Re: nginx reverse proxy messing up gl2_remote_ip

Mon, 26 Sep 2016 03:51:56 -0700 

Hi Daniele,

your client has to set the "host" field of the GELF message 
correctly: 
http://docs.graylog.org/en/2.1/pages/gelf.html#gelf-format-specification

Cheers,
Jochen

On Monday, 26 September 2016 10:50:17 UTC+2, Daniele wrote:
>
> Hi,
>
> we're using nginx as reverse proxy in front of our graylog server. This 
> works fine beside logging the clients IP address.
> Following rule adds the IP address to our GELF http input:
>
> rule "add ip"
> when
>     true
> then
>     set_field("ip", to_ip($message.gl2_remote_ip));
> end
>
> If we post data to the input-ip / port combination 
> (http://<*ip>*:*12202*/gelf) 
> it works as expected.
>
> We configured our nginx as reverse proxy as follows:
>
> server {
>    listen 443 ssl;
>    server_name log-input.server-name.de;
>
>    ssl_certificate_key /etc/ssl/server.key;
>    ssl_certificate /etc/ssl/server.crt;
>
>    error_log /var/log/nginx/error.log debug;
>
>    location / {
>        proxy_pass http://127.0.0.1:12202;
>        proxy_redirect off;
>
>        proxy_set_header Host $host;
>        proxy_set_header X-Real-IP $remote_addr;
>        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>        proxy_set_header X-Forwarded-Host   $host:443;
>
>        proxy_set_header X-Forwarded-Server $host;
>        proxy_set_header X-Forwarded-Port   443;
>        proxy_set_header X-Forwarded-Proto  https;
>        proxy_set_header X-Scheme $scheme;
>
>        # testing remote addr combinations
>        proxy_set_header REMOTE_ADDR $remote_addr;
>        proxy_set_header Remote_Addr $remote_addr;
>        # /testing remote addr combinations
>
>        proxy_pass_request_headers on;
>        proxy_connect_timeout 150;
>        proxy_send_timeout 100;
>        proxy_read_timeout 100;
>        proxy_buffers 4 32k;
>        client_max_body_size 8m;
>        client_body_buffer_size 128k;
>    }
> }
>
>
>
> Unfortunately the logging result with post-requests to *https://log-input 
> <https://log-input>.<server-name>.de/gelf* shows 127.0.0.1 as IP address, 
> instead of the real client *$remote_addr*.
> The activated debug log (*/var/log/nginx/error.log*) shows the IP address 
> correctly. It seems that *gl2_remote_ip* does not handle HTTP headers as 
> expected. 
>
> Has someone a solution for our problem?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/93ed7b59-2c8e-4566-928e-34341d6f6d9b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to