That seems to have worked - thanks!
On Sun, Sep 1, 2019 at 2:05 PM Mark Thomas <ma...@apache.org> wrote: > On September 1, 2019 2:52:36 PM UTC, Sean Dawson <seandawson2...@gmail.com> > wrote: > >Hello, I'm trying to get the actual client IP address in the Tomcat > >access > >logs rather than the 127.0.0.1 that's coming from nginx. > > > >CentOS 7.6 (on AWS) > >Amazon Coretto 1.8.0_222.b10-1.x86_64 > >Tomcat 8.5.45.0 (extracted from tar.gz) > >Nginx 1.12.2 (very basic setup) > > > >http (80) / https (443) to nginx > >Tomcat running on 8080 > > > >localhost_access_log shows all requests coming from ip: 127.0.0.1 > > > >How do I get it to show the real IP address coming in through nginx ? > > > >I've tried various combinations of these - and others (and in various > >sections of the nginx.conf)... > > > >proxy_set_header Host $host; > >proxy_set_header X-Real-IP $remote_addr; > >proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > > >I've tried adding this to Tomcat server.xml (in the Engine section): > > > ><Valve className="org.apache.catalina.valves.RemoteIpValve" > > internalProxies="127\.0\.[0-1]\.1" > > remoteIpHeader="x-forwarded-for" > > requestAttributesEnabled="true" > > protocolHeader="x-forwarded-proto" > > protocolHeaderHttpsValue="https"/> > > > >(As well as trying changing https to http.) > > > >I've also tried modifying this based on something I found online but it > >didn't help: > > > > <Valve className="org.apache.catalina.valves.AccessLogValve" > >directory="logs" > > prefix="localhost_access_log" suffix=".txt" > > pattern="%h %l %u %t "%r" %s %b" /> > > The remote ip valve looks ok. > > Use the default access log valve but add requestAttributesEnabled="true" > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >