Hi DO Community,
I have 2 droplet,
serverA - varnish
serverB - LAMP (wordpress)
My LAMP show serverA private IP instead of real client IP. How I can get real client IP in this situation?
Thank you.
In order to have Varnish pass on the real client IP to your Apache access log, you’ll need to edit your Varnish configuration (/etc/varnish/default.vcl on Ubuntu) to add an X-Forwarded-For header. Find the vcl_recv section and added the following:
sub vcl_recv {
unset req.http.X-Forwarded-For;
set req.http.X-Forwarded-For = client.ip;
}
(Note: If you are using Varnish < 4.0 change unset to remove as the syntax is different.)
Than, in your Apache Virtual Host, set a CustomLog format:
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{User-agent}i\"" varnishcombined
CustomLog ${APACHE_LOG_DIR}/access.log varnishcombined
Finally, restart both Apache and Varnish for the changes to take effect:
- sudo service varnish restart
- sudo service apache2 restart
Very useful, but…
What about error.log? If I have to be more specific, what about basic authentication errors, such as: [auth_basic:error] [pid 23784] [client 127.0.0.1:46904] AH01618: user foo not found: /phpmyadmin/
They still show 127.0.0.1 and fail2ban apache jail is useless.