Skip to content

Instantly share code, notes, and snippets.

@patrocle
Last active July 23, 2024 17:39
Show Gist options
  • Save patrocle/43f688e8cfef1a48c66f22825e9e0678 to your computer and use it in GitHub Desktop.
Save patrocle/43f688e8cfef1a48c66f22825e9e0678 to your computer and use it in GitHub Desktop.
Real IP for Apache (Nginx reverse proxy)

NGINX 1.10 + APACHE 2.4 real IP for reverse proxy

Edit nginx conf

default.conf or what you want

vim /etc/nginx/conf.d/default.conf

add proxy_set_header for php files

   location ~ \.php$ {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;

        proxy_pass   http://127.0.0.1:8080;
    }

Add apache remoteip mod with

a2enmod remoteip

create a new conf file for Apache

vim /etc/apache2/conf-available/remoteip.conf

and add

<IfModule mod_remoteip.c>
    RemoteIPHeader X-Forwarded-For
    RemoteIPTrustedProxy 127.0.0.1
</IfModule>

Add active this conf with

a2enconf remoteip

restart apache

service apache2 restart

And now apache logs and $SERVER['REMOTE_ADDR'] have the real IP ;-)

@agalera
Copy link

agalera commented Jun 3, 2019

Thanks!

@phughes3866
Copy link

Thanks. Have apache serving webdav behind nginx proxy. This worked great for logging the origin IP address to apache's error.log file so that fail2ban could see any offending bad-login IP (rather than the localhost all the time). Used in combination with the correct nginx proxying header: proxy_set_header X-Forwarded-For $remote_addr;

@coderua
Copy link

coderua commented May 31, 2023

Would be nice to add module checking in the /etc/apache2/conf-available/remoteip.conf:

<IfModule mod_remoteip.c>
    RemoteIPHeader X-Forwarded-For
    RemoteIPTrustedProxy 127.0.0.1
</IfModule>

@phanthaihuan
Copy link

I have checked and it works.

Thank you so much.

@ksmarini
Copy link

For me only works on /etc/apache2/conf-enabled/remoteip.conf

@Ruf790
Copy link

Ruf790 commented Apr 14, 2024

Not work for me I have router

@felixd
Copy link

felixd commented Apr 25, 2024

Thanks! :) Works..finally.

Nginx Proxy on Front redirecting to Apache2 WWW Server over Wireguard VPN :)

10.VPN.VPN.1 - - [25/Apr/2024:16:55:06 +0200] "GET /info.php HTTP/1.1" 200 26432 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
109.173.PUBLIC.IP - - [25/Apr/2024:16:55:52 +0200] "GET /info.php HTTP/1.1" 200 26401 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment