Get user machine's IP address when a website is configured with Apache Varnish in front of Tomcat - apache

Currently, I am running a website on Tomcat, which has Apache in front and Varnish for caching. Tomcat is running on port 8080 and port 81 is used as the Varnish back end. I need to implement a feature for which I need to know the IP address of the client's machine visiting the website. I've tried to access the IP address via the X-FORWARDED-FOR header.
When the website is accessed from port 81 (i.e. http://mywebsite.com:81/) I can get the IP address of the client's machine, but unfortunately when accessing through the default port 80 (i.e. http://mywebsite.com/) it returns the localhost IP address (127.0.0.1). Can anyone suggest a workaround to get the user's real IP address from port 80 as well?

Your setup, if I understood correctly, is as follows:
Varnish (port 80) -> Apache (port 81) -> Tomcat (port 8080)
And you would like the actual remote IP to show up as REMOTE_ADDR on the Tomcat server.
Varnish appends the X-Forwarded-For header by default, so that's already sorted. To get Apache to pass the actual remote IP to Tomcat, you should install the reverse proxy add forward module for Apache (mod_rpaf). mod_rpaf does exactly what you're looking for. The appropriate config for Apache would be:
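# Load mod_rpaf only if it is not already loaded
<IfModule !rpaf_module>
    LoadModule rpaf_module modules/mod_rpaf-2.0.so
</IfModule>
<IfModule rpaf_module>
    RPAFenable On
    RPAFsethostname On
    # Only rewrite the client address for requests arriving from this proxy (Varnish on localhost)
    RPAFproxy_ips 127.0.0.1
    # Header that carries the original client address
    RPAFheader X-Forwarded-For
</IfModule>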
After enabling the module Tomcat should see the correct REMOTE_ADDR header as well as the HTTP_X_FORWARDED_FOR header.
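
The trust rule that RPAFproxy_ips expresses, as an added example (not part of the original answer and not mod_rpaf's own code): X-Forwarded-For is honoured only when the TCP peer is a listed proxy, and its entries are read right to left. The function names and sample addresses are constructed for illustration, and the walk over several hops goes beyond the single-proxy case in the answer.

```python
import ipaddress

# Assumption: trust list mirroring "RPAFproxy_ips 127.0.0.1" from the answer.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr is a valid IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the client address given the TCP peer and X-Forwarded-For.
    The header counts only when the peer is a trusted proxy; entries are read
    right to left and the first non-proxy entry is the client.
    """
    if not xff_header or not is_trusted(peer_addr, trusted):
        return peer_addr
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr  # malformed entry: fall back to the TCP peer
        if not is_trusted(hop, trusted):
            return hop
    return peer_addr  # header listed only trusted proxies


# Constructed sample requests: (TCP peer seen by Apache, X-Forwarded-For value).
SAMPLES = [
    ("127.0.0.1", "203.0.113.7"),              # via Varnish on port 80
    ("198.51.100.20", None),                   # direct to Apache on port 81
    ("198.51.100.20", "192.0.2.55"),           # header from an unlisted peer
    ("127.0.0.1", "192.0.2.55, 203.0.113.7"),  # Varnish appended to a header
]


def resolve_samples():
    return [client_ip(peer, xff) for peer, xff in SAMPLES]


if __name__ == "__main__":
    for (peer, xff), ip in zip(SAMPLES, resolve_samples()):
        print(f"peer={peer} xff={xff!r} -> client={ip}")
```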

Related

Apache Proxy to Wildfly

I have configured both Apache and Wildfly to use AJP in order to achieve the proxy so I can produce access logs.
Access logs are enabled from the management profile of Wildfly
Port is listening on 8009
Apache has a Virtual Host listening on port 80
configured with the ProxyPass command.
Access Pattern is configured
The result is that I receive logs for the proxied requests, but the original client IP is not displayed, only the loopback 127.0.0.1.
So I am asking about a way to reveal the client IP that requests the Apache server.
The syntax is okay and %a does display 127.0.0.1
Thanks!
I have tried multiple access patterns (%a,%h,{i,xxx}...
I have tried both X-Forward-For and X-Forwarded-For on Apache, PreserveHost On, etc.
I have tried tcpdump on port 8009, receiving 0 packets while monitoring

Set virtual host for redirect to multiple web server (apache)

Don't know what the perfect title for this is, but here it is.
I'm running a server with Windows Server 2008 R2.
On this server I have three webapps and they already run well
App1 using Apache2 on port 80
App2 using IIS on port 81
App3 using Xampp Apache on port 83
I already have a domain for each port
1. domain1.com for port 80
2. domain2.com for port 81
3. domain3.com for port 83
All domains are pointing to the server, and it works fine when I use (:port) after the domain, e.g. domain1:83 already opens Xampp Apache on port 83.
However, what I need is that when I type domain1.com it should open port 80, domain2.com should open port 81, and domain3.com should open port 83.
Simply put, I shouldn't need to add :81 or :83 if I want to open those sites.
The main Apache server used is Apache2, and I need a configuration so that when I type domain2.com it automatically goes to port 81 (localhost:81), and if I type domain3.com it goes to port 83 (localhost:83).
That is, Apache2 only handles App1 on port 80; when I want to access App2 using domain2.com, it refers to localhost:81 and the request is handled by IIS, and likewise for App3 using domain3.com it refers to localhost:83 and Xampp handles the request.
Every app has a different config, so I cannot put them all on a single port 80 and differentiate them by DocumentRoot, since the other apps are not processed by Apache2.
Regards,
Set up name-based virtual host support on Apache. It is handling port 80, so it will handle all requests to port 80, no matter what port number is used.
You then have two options.
Redirect
Proxy
You can redirect the traffic to the other port (which will show the port number in the address bar of the browser, and cause search engines to index URLs with that port number in them)
Redirect / http://domain2.com:81/
Or you can proxy the traffic through Apache (which will relay everything through Apache, which could have performance implications):
ProxyPass "/" "http://domain2.com:81/"

How to view the correct client IP in Icecast stats, when Icecast works behind the proxy

I have an Icecast server sitting behind the Apache proxy server, so the connection from the client to Icecast is done by that way:
Client -> Apache server (reverse proxy) -> Icecast server.
The reason I need the proxy, is that I need to have the urls to Icecast via HTTPS on the website, and did not find any other solution except proxying HTTPS to the port, which Icecast sitting on, via HTTP (the proposed solution is here - Why Icecast2 does not want to give the stream through https? , although there they have nginx server as proxy).
Icecast server is showing the stats - the remote ip of the clients connecting to it - and I need that stats. The stats can be viewed via the web-interface of Icecast - base url, following (/admin/listclients.xsl?mount=/mount-point-name). But after proxying the connection, Icecast shows the wrong remote ip there (it always shows the proxy server ip).
Is it possible to make Icecast show the right client ip in those stats (like put there X-Forwarded-For IP instead of REMOTE_ADDR, as the client ip is supposed to be transferred in X-Forwarded-For header to Icecast server by the Apache mod_proxy)?
Here is the config of my Apache proxy virtual host:
<VirtualHost *:443>
ServerName my-proxy-server.name
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://icecast-server-name:8000/
ProxyPassReverse / http://icecast-server-name:8000/
# Some other strings related to SSL-certificate
.....
</VirtualHost>
Apache version: 2.4.7 (on Ubuntu)
Icecast version: 2.4.2
I have faced this problem again and here is how I got it working with Nginx & Icecast-kh:
Add the X-Forwarded-For header to your Nginx proxy configuration:
location /stream {
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_pass http://stream.radio.com:8000/mount;
}
Add <x-forwarded-for>127.0.0.1</x-forwarded-for> to your Icecast configuration somewhere between <paths> tags, where 127.0.0.1 is the IP of your proxy (usually 127.0.0.1)
Icecast currently does not support reverse proxying (and this is not just about the proxy header, there are other issues). We are considering adding full support in 2.5.
We highly recommend to run Icecast directly on port 80.
In case of Debian you'll need to configure some things: http://lists.xiph.org/pipermail/icecast/2015-February/013198.html
I just created a repository that contains support for x-forward-ip from the kh branch on top of version 2.4.4 of Icecast, which could be used until version 2.5.0 is released.

Serve http server behind an Apache https Proxy

It seems that it is possible to get Apache server to Proxy and Manage SSL handshake on https requests and service them as 'http' thru another server behind it.
I have configured an apache server for ProxyPass using following configuration
SSLProxyEngine On
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/
I am able to get all traffic to the Apache server that is listening on port 8080 directed to and served by the localhost:8081 server, so
http://localhost:8080/hi is being correctly served by http://localhost:8081/hi
However the following does not work :
https://localhost:8080/hi to be served by http://localhost:8081/hi
Apache is trying to pass the https:// traffic to the 8081 server, without managing the SSL handshake.
Your Apache listener on port 8080 is an http listener, not an https listener. You can't handle both types of traffic on the same port. If you want to handle SSL traffic, you'll need to set up a new context on another port with SSLEngine On and all the other normal SSL configuration (certificate, key, etc).
This question has one version of this configuration.
Also this post.

define subdomain apache's vhost with lighttpd

Apache is running on my server on port 80 and lighttpd on 81.
I defined the vhost abc.com in Apache.
I want to define track.abc.com so that all its requests go to lighttpd. Is it possible to define the track subdomain for abc.com in lighttpd?
It is possible but rather than ports you need to have 2 separate IP addresses if you want to make regular request http://www.domainname.com in your browser. Otherwise you will be forced to call http://www.domainname.com if you intend to use the same IP address for both Apache and Lighttpd server.
You need to declare listening port in both Apache config and Lighttpd otherwise they both would try to bind IP address and port 80 which will result in error and only first server would start up.
I researched, and the answer is Apache's ProxyPass option. First I configured my subdomain in Apache's vhost, and I added this to my subdomain's vhost config file:
ProxyPass / http://my_host_name:81/
Now all my subdomain's requests go to lighttpd.