Skip to content

Passing IPs to apache with nginx proxy

Passing IP’s to apache with nginx proxy

When you use nginx as a proxy to an Apache backend server your apache will pick up the IP address of your nginx proxy as the clients IP.  Because of this your apache log files becomes useless and .htaccess IP based access control stops to work.

Nginx provides a HTTP X-Forwarded-For header containing the clients real IP address however this is something apache will not notice by default.

You can configure apache to recognize the original client IP  from the X-forwarded-for as the original client IP with
the help of the mod_rpaf apache module. On debian or ubuntu, this can be done by installing the rpaf package:

<shell> sudo apt-get install  libapache2-mod-rpaf

Once the mod_rpaf module has been installed, you need to reconfigure apache.
You will need to add your nginx IP after the RPAFproxy_ips setting:

On a debian or ubuntu box you can edit the following file replacing  WWW.XXX.YYY.ZZZ for the IP of your nginx proxy if you run nginx and apache on the same box this IP might be the loopback address

<shell> sudo nano etc/apache2/mods-available/rpaf.conf

<IfModule mod_rpaf.c>
RPAFenable On
RPAFsethostname On

If you installed the ubuntu package, this should be set up for you automatically in / .

Once you restart apache, you should be able to see the correct IP addresses in the apache access logs and .htacces IP
based access should work again.

Rudolf Maduro – Life Coach & IT specialist

Published innginx

Be First to Comment

Leave a Reply

Your email address will not be published.