Date: Fri, 29 Mar 2024 14:18:07 +0000 (UTC) Message-ID: <1056394781.75.1711721887247@fa0ec5443aab> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_74_663282846.1711721887243" ------=_Part_74_663282846.1711721887243 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
When using a reverse proxy (such as is outlined here), l=
ogs such as /var/log/apache2/other_vhosts_access.log
will=
likely show the ip address of the proxy (not the client's ip address).
We can use remoteip and X-Forwarded-For to pass the clients ip addr= ess for logging purposes. This requires a few changes to the apache2.= conf file.
You'll need to implement the following using either the a2encon= f method or put it in each individual vhosts directive for specific sites.<= /p>
This method is the suggested method since we can keep our vhost directiv= es clean and implement the X-Forward-For as default.
Create a apache2 conf file (we'll call it remoteip.conf)
sudo na= no /etc/apache2/conf-available/remoteip.conf
Add this:
RemoteI= PHeader X-Forwarded-For RemoteIPTrustedProxy 127.0.0.1
Save and exit, and then enable the remoteip
mod this conf b=
y
sudo a2= enmod remoteip sudo a2enconf remoteip.conf
I'm assuming your apache2 <proxy>.conf file is of the form discuss= ed in Apache reverse-proxy SSL to multiple server applications<= /a>. You'll need to add RemoteIPHeader and RemoteIPTrustedProxy to ea= ch on the<VirtualHost *:443> code blocks. For example:
<Virt= ualHost *:443> ServerName confluence.example.com =20 ProxyRequests Off ProxyVia Off ProxyPreserveHost On =20 <Proxy *> Require all granted </Proxy> =20 ProxyPass / http://127.0.0.1:8090/ ProxyPassReverse / http://127.0.0.1:8090/ =20 RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy 127.0.0.1 =20 =20 SSLEngine On SSLCertificateFile </path/to/fullchain.pem> SSLCertificateKeyFile <path/to/privkey.pem> Include /etc/letsencrypt/options-ssl-apache.conf </VirtualHost>
Regardless of which of the method above you use, you'll now need to make= a quick change to the /etc/apache2/apache2.conf file.
Search for the LogFormat
arugments, you'll basically need t=
o replace the %h
instances with %a
. It=
should look something like this when you're done:
LogForm= at "%v:%p %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" = vhost_combined LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\""= combined LogFormat "%a %l %u %t \"%r\" %>s %O" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent
Finally, reload the apache2 configuration files (or restart apache2) wit= h:
sudo se= rvice apache2 reload