[BlueOnyx:22016] nginx issue (another one)
Maurice de Laat
mdlaat at muisnetwerken.nl
Sun May 6 16:06:08 -05 2018
Hi List,
I have another issue with nginx as ssl proxy for apache:
For apache, every incoming traffic now has set as source the own ip of
the vsite. This is because that is the ipaddress of nginx. This prevents
allow/deny ipaddress options in a htaccess working, and also prevents
wordpress spamming blocking techniques to work.
The solution seems to be to tell apache to use the ipaddress for which
nginx is proxying as the source.
So, I have added the file /etc/http/conf.d/nginx-ssl-proxy.conf and
added the following three lines
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 1.2.3.4
RemoteIPTrustedProxy 1.2.3.4
The last two lines are necessary to prevent abuse of the x-forwarded-for
header, and tell apache to only trust that header if it is coming from
1.2.3.4.
Where 1.2.3.4 is the public ipaddress of apache. If there are more
public ipaddresses nginx is bound to, the last two lines should be repeated.
Perhaps, if my understanding is correct, this might also be a good
change to blueonyx.
Kind regards
Maurice
More information about the Blueonyx
mailing list