Passing IP’s to apache with nginx proxy
When you use nginx as a proxy to an Apache backend server your apache will pick up the IP address of your nginx proxy as the clients IP. Because of this your apache log files becomes useless and .htaccess IP based access control stops to work.
Nginx provides a HTTP X-Forwarded-For header containing the clients real IP address however this is something apache will not notice by default.
You can configure apache to recognize the original client IP from the X-forwarded-for as the original client IP with
the help of the mod_rpaf apache module. On debian or ubuntu, this can be done by installing the rpaf package:
<shell> sudo apt-get install libapache2-mod-rpaf
Once the mod_rpaf module has been installed, you need to reconfigure apache.
You will need to add your nginx IP after the RPAFproxy_ips setting:
On a debian or ubuntu box you can edit the following file replacing WWW.XXX.YYY.ZZZ for the IP of your nginx proxy if you run nginx and apache on the same box this IP might be the loopback address 127.0.0.1
<shell> sudo nano etc/apache2/mods-available/rpaf.conf
If you installed the ubuntu package, this should be set up for you automatically in / .
Once you restart apache, you should be able to see the correct IP addresses in the apache access logs and .htacces IP
based access should work again.
Rudolf Maduro – Life Coach & IT specialist