There is NPM (Nginx Proxy Manager), behind it is ISPConfig 3.2 (Debian 9). In the logs, all requests from the NPM ip. How to configure it correctly so that the logs contain the ip of real clients? On the NPM side, for each host, I wrote: proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; But it didn't help. Thanks in advance for your advice.
Did you add the "proxy_set_header" in the advanced settings of the proxy host? Might want to try: Code: proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; real_ip_header X-Real-IP; real_ip_recursive on;
Thank you. Added the following lines, but nothing has changed. The proxy address is still written in the log instead of the real address of the client. Maybe something needs to be changed on the side of the server of the ISPConfig?
I had the similar issue (I am using haproxy Infront) and Apache servers as webservers. Do not know if this will help but. Had to enable remoteip on the webservers sudo a2enmod remoteip vi /etc/apache2/apache2.conf RemoteIPProxyProtocol On vi /etc/apache2/conf-available/remoteip.conf #Add all haproxy or pfsense ips the packets come from RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy x.x.x.x y.y.y.y z.z.z.z Also need to replace %h with %a in the following files vi /etc/apache2/apache2.conf #Comment the 3 LogFormat lines copy them below and replace %h with %a vi /etc/apache2/sites-available/ispconfig.conf # LogFormat lines copy them below and replace %h with %a
Thanks a lot. You can in more detail where to insert this directive. I tried a few places in the config, but the Apach will not start. Gives an error: Invalid command 'RemoteIPProxyProtocol', perhaps misspelled or defined by a module not included in the server configuration I made all other edits.
you should place it at the end of the file Last line apache is not starting because you have to link the file to the conf-enabled directory Please check the loaded modules apache2ctl -M if remoteip is not loaded sudo a2enmod remoteip systemctl restart apache2 check the following directories ls -la /etc/apache2/conf-available/ ls -la /etc/apache2/conf-enabled/ ln -s /etc/apache2/conf-available/remoteip.conf /etc/apache2/conf-enabled/ systemctl restart apache2 you should be ok after that Regards Aris
I did everything as you said, Simlink was created, the module is loaded. Added the last line (line 232) to apache2.conf: RemoteIPProxyProtocol On I launched an Apache config check and received an error: # apachectl configtest AH00526: Syntax error on line 232 of /etc/apache2/apache2.conf: Invalid command 'RemoteIPProxyProtocol', perhaps misspelled or defined by a module not included in the server configuration Action 'configtest' failed. The Apache error log may have more information.
I found information that the RemoteIPProxyProtocol On directive will work on Apache version 2.4.31 or newer. And I use version 2.4.25 on Debian 9.13
Is there any opportunity without updating the system distribution to update Apache, for example, from some third-party repository?
I know this, but I have an old project that needs PHP 5.3 and I could not start it under Debian 12 normally.
