> I'm having some issues with getting X-Forwarded-For set consistently for
> upstream proxy requests. The server runs Nginx/OpenResty in front of
> Apache, and has domains hosted behind Cloudflare as well as direct. The ones
> behind Cloudflare show the correct X-Forwarded-For header being > set, using
> (snippet):
Imo your approach is too complicated (unless I missed something).
If your setup is Cloudflare -> nginx -> apache then if you configure the real
ip module on nginx you can just always pass the $remote_addr to the Apache
backend:
http {
set_real_ip_from 167.114.56.190/32;
[..]
set_real_ip_from 167.114.56.191/32;
real_ip_header X-Forwarded-For;
proxy_set_header X-Forwarded-For $remote_addr;
In case the request is direct $remote_addr will contain client ip (and it will
be passed to Apache), if the request comes from trusted proxies the realip
module will automatically overwrite $remote_addr variable with the one in the
X-Forwarded-For header
(if you still want to log the original client ip you can use
$realip_remote_addr
(http://nginx.org/en/docs/http/ngx_http_realip_module.html#variables) ).
rr
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
