Hi Brandon, you have to add the IP address of your Apache httpd reverse proxy to the trusted_proxies <https://github.com/Graylog2/graylog2-server/blob/2.1.2/misc/graylog.conf#L124-L126> configuration setting so that it can override the client IP address.
Cheers, Jochen On Tuesday, 8 November 2016 14:14:07 UTC+1, BKeep wrote: > > Sorry, I forgot to add that in the original post. > Graylog v2.1.1+01d50e5 > openJDK JAVA v1.8.0_102 > Apache v2.4.6 > CentOS 7.2 / 3.10.0-327.36.2.el7.x86_64 > > Regards > > On Tuesday, November 8, 2016 at 2:09:38 AM UTC-6, Jochen Schalanda wrote: >> >> Hi Brandon, >> >> which version of Graylog are you using? >> >> Cheers, >> Jochen >> >> On Tuesday, 8 November 2016 05:38:41 UTC+1, BKeep wrote: >>> >>> I have setup a proxy using apache and it is working okay except for a >>> few minor things. When I navigate to the user accounts page at >>> https:/server.domain.tld/system/authentication. The IP that shows up for >>> logged in users is 127.0.0.1 when the expected ip would be the remote >>> client. I did a little bit of googling and came across the RemoteIPHeader >>> directive but setting that didn't seem to make any difference. If anyone >>> can give some guidance I would appreciate it. >>> >>> # Listen for requests on port 80 >>> # NameVirtualHost *:80 >>> <VirtualHost *:80> >>> ServerName server >>> Redirect permanent / https://server.domain.tld/ >>> </VirtualHost> >>> >>> <VirtualHost *:443> >>> ServerName server.domain.tld >>> ProxyRequests Off >>> >>> # SSL Settings >>> SSLEngine on >>> SSLProtocol all -SSLv2 -SSLv3 >>> SSLCertificateFile /etc/pki/tls/certs/cert.crt >>> SSLCertificateKeyFile /etc/pki/tls/private/key.key >>> SSLCertificateChainFile /etc/pki/tls/certs/SHA256.crt >>> >>> <Proxy *> >>> Order deny,allow >>> Allow from all >>> </Proxy> >>> >>> RemoteIPHeader X-Forwarded-For >>> >>> <Location /> >>> RequestHeader set X-Graylog-Server-URL " >>> https://server.domain.tld/api/"; >>> ProxyPass http://127.0.0.1:9000/ >>> ProxyPassReverse http://127.0.0.1:9000/ >>> </Location> >>> <Location /api/> >>> ProxyPass http://127.0.0.1:9000/api/ >>> ProxyPassReverse http://127.0.0.1:9000/api/ >>> </Location> >>> </VirtualHost> >>> >>> Regards, >>> Brandon >>> >> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/e0ff427c-613d-4684-997a-035275ebf8eb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
