Yannick PEREIRA-REIS bio photo

Yannick PEREIRA-REIS

Full stack web developer Symfony2, VueJs and AngularJs in Lyon (France), I also play with DevOps tools like Docker, Vagrant, Elasticsearch, Logstash, Kibana, Supervisor, ...

Twitter LinkedIn Github

Behind a reverse proxy, the user IP we get is often the reverse proxy IP itself. But for obvious reasons it’s important to have access to the user real ip address.

Docker

Nging reverse proxy configuration

Tested for nginx/1.11.8

The http_realip_module must be installed (--with-http_realip_module), of course !

Use this command to check :

2>&1 nginx -V | tr -- - '\n' | grep http_realip_module
  • We need to tell the reverse proxy to pass information to the backend nginx server.
  • We can add thoses lines as a global configuration or per location.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;

Nginx backend configuration

  • We can add a custom log format and use it in addition with others.
http {

  # ...

    ##
    # Logging Settings
    ##

    log_format specialLog '$remote_addr forwarded for $http_x_real_ip - $remote_user [$time_local]  '
                          '"$request" $status $body_bytes_sent '
                          '"$http_referer" "$http_user_agent"';

    access_log /var/log/nginx/access-special.log specialLog;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # ...

}
  • Or we can override the default log format.
http {

  # ...

    ##
    # Logging Settings
    ##
    log_format combined '$http_x_real_ip - $remote_user [$time_local] '
                        '"$request" $status $body_bytes_sent '
                        '"$http_referer" "$http_user_agent"';

    access_log /var/log/nginx/access.log combined;
    error_log /var/log/nginx/error.log;

    # ...

}

Be careful

In some cases you will need to add this configuration :

set_real_ip_from x.x.x.x/x; # Ip/network of the reverse proxy (or ip received into REMOTE_ADDR)
real_ip_header X-Forwarded-For;

Resources