How Can We Help?
Log Real IP in NGINX Reverse Proxy
Are your proxy clients also reporting the IP of the reverse proxy in the logs? In this article, we will fix the NGINX reverse proxy to forward the real client IP.
Prerequisites
It is assumed that you already have an NGINX reverse proxy, if not, have a look at this article.
NGINX Reverse Proxy Configuration
Open the /etc/nginx/nginx.conf and add the following entries to the http section:
set_real_ip_from x.x.x.x; # Proxy IP
set_real_ip_from 10.0.0.0/8; # Full private 10.x range
set_real_ip_from 172.16.0.0/12; # Full private 172.x range
set_real_ip_from 192.168.0.0/16; # Full private 192.x range
real_ip_header X-Forwarded-For;
real_ip_recursive on;
Make sure to change the configuration to your proxy IP and enter the IP ranges to your needs (i.e. internal network and VPN network).
Once satisfied validate the configuration using nginx -t.
If everything looks okay, enable the configuration using nginx -s reload.
Apache Client Configuration
Once your reverse proxy sends the correct IP your client-server needs to read it properly. To do this for Apache, let’s start with enabling the remoteip package using a2enmod remoteip. Next, open /etc/apache2/apache2.conf and add the following content:
# Enable real IP from proxy
RemoteIPHeader X-Forwarded-ForNow restart Apache using service apache2 restart.
Limitation
This setup will log the client IP from clients outside your network. For clients within your network, it will log the IP of your reverse proxy.