NGINX Reverse proxy Apache : get real IP

NGINX Reverse proxy Apache : get real IP

A few days ago, I encountered a problem to get the IP of the client in order to be able to use Fail2Ban correctly (blocking the IP of my reverse proxy being problematic ;-). Below my architecture:

L’attribut alt de cette image est vide, son nom de fichier est image-1.png.

Nginx Configuration :

You have to put these parameters in your block server:

location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://IP_web_server
}

then we check the configuration and reload Nginx

nginx -t
L’attribut alt de cette image est vide, son nom de fichier est image-2.png.
nginx -s reload

Configuration Apache

We wiil use the module apache rpaf

 apt-get install libapache2-mod-rpaf

We create the conf file /etc/apache2/conf-available/rpaf.conf and we put these parameters by modifying IP_Reverse_Proxy by the address of the Nginx server:

nano /etc/apache2/conf-available/rpaf.conf

<ifmodule rpaf_module>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips IP_Reverse_Proxy
</ifmodule>

we enable the module and configuration

a2enmod rpaf
a2enconf rpaf

We restart apache to take into account the new configuration and voila

systemctl restart apache2

Unlike me, some people have a problem with the rpaf module and have to use remoteip module. You can follow this tutorial for that.

Leave a Reply

Your email address will not be published.