From 140cd9de3ba89c9d5b771953c535efa9100c32a1 Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Mon, 5 Nov 2018 12:49:35 -0500 Subject: [PATCH] LP#1801759: add mod_remoteip configuration to example Apache config Text taken from an OpenSRF patch added by Bill Erickson per bug 1684970. This patch adds an Apache configuration stanza that uses mod_remoteip to pass the user agent's IP address to the HTTP translator. It is meant for when Apache is being run behind a proxy such as NGINX. To test ------- [1] Set up Evergreen with Apache and the WebSockets server running behind a proxy such as NGINX. [2] Enable mod_remoteip (e.g., sudo a2enmod remoteip). [3] Apply the Apache configuration change in this patch, uncommenting out the directives and (if necessary) updating the internal IP address of the proxy. [4] Reload Apache. [5] Perform an action that uses the HTTP translator, e.g., adding a vendor record using the Dojo interface. [6] Verify that the client IP logged is that of the user agent, not the proxy. Signed-off-by: Galen Charlton Signed-off-by: Bill Erickson --- Open-ILS/examples/apache_24/eg_vhost.conf.in | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Open-ILS/examples/apache_24/eg_vhost.conf.in b/Open-ILS/examples/apache_24/eg_vhost.conf.in index cfeb27ed34..95d0702b6d 100644 --- a/Open-ILS/examples/apache_24/eg_vhost.conf.in +++ b/Open-ILS/examples/apache_24/eg_vhost.conf.in @@ -409,6 +409,16 @@ RewriteRule .? - [E=locale:%{HTTP:Accept-Language}] # OpenSRF-over-HTTP translator # (http://open-ils.org/dokuwiki/doku.php?id=opensrf_over_http) # ---------------------------------------------------------------------------------- + +# OPTIONAL: Running the translator behind a proxy requires accessing +# the client IP address via mod_remoteip (sudo a2enmod remoteip). +# Below is a sample configuration for a proxy running on the same +# server and passing the client IP address via the X-Real-IP header. +# +#RemoteIPInternalProxy 127.0.0.1/24 +#RemoteIPInternalProxy ::1 +#RemoteIPHeader X-Real-IP + SetHandler osrf_http_translator_module Require all granted -- 2.43.2