nginx-proxy-manager icon indicating copy to clipboard operation
nginx-proxy-manager copied to clipboard

Published 20 hours ago verified publisher icon NginxProxyManager

Preserve Real Public IP adresse between NPM Frontend and Apache Backend

Open bartounet16 opened this issue 2 years ago • 4 comments

Hello I've tried everything, but I can't get the public IP to show on my website.

I have NPM in Reverseproxy Docker (ip server docker 172.30.0.1 / ip container 172.25.0.2)

I have behind an Apache web server. I try everything I always have the ip 172.30.0.1 which is displayed in the Apache access logs and not the real public IP address of my visitors.

NPM Options: add_header Content-Security-Policy "upgrade-insecure-requests"; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy no-referrer always; add_header X-Robots-Tag none; proxy_hide_header Upgrade; proxy_hide_header X-Powered-By; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection keep-alive; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;

Apache backend Option Vhost RemoteIPHeader X-Forwarded-For RemoteIPInternalProxy 172.30.0.1

could you help me please ?? i had try everithing.

bartounet16 avatar Dec 17 '22 11:12 bartounet16

This needs to be done only on Apache's side. The following is what I have in my configuration and it works fine. I don't have anything extra set in NginxProxyManager.

<VirtualHost *:80> ServerName example.com RemoteIPHeader X-Forwarded-For

mcn18 avatar Dec 22 '22 14:12 mcn18

thanks for answer. In my case it does not work.

No extra set in NPM and my vhost conf in apache side

<VirtualHost 172.30.0.2:80>
        ErrorLog syslog
        LogLevel warn
ServerName blog.XXXX.fr
DocumentRoot /var/www/html/PluXml/
RemoteIPHeader X-Forwarded-For
</VirtualHost>

My log ... blog.XXX.fr:80 172.30.0.1 - - [22/Dec/2022:14:12:21 +0000] "GET / HTTP/1.1" 200 9467 "-" "Mozilla/5.0 (Linux; Android 11; Redmi Note 9 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Mobile Safari/537.36"

bartounet16 avatar Dec 22 '22 14:12 bartounet16

For anyone still having this issue: As said in this post, apache needs to have mod_remoteip enabled:

// Enable the RemoteIP Module sudo a2enmod remoteip // Restart sudo service apache2 restart // edit virtual host config sudo nano /etc/apache2/sites-available/domain name.conf // add this line RemoteIPHeader X-Forwarded-For // Restart Apache systemctl restart apache2

Elanoran avatar Jul 26 '23 11:07 Elanoran

Issue is now considered stale. If you want to keep it open, please comment :+1:

github-actions[bot] avatar Feb 02 '24 01:02 github-actions[bot]