LP#1684970 Translator compatible with mod_remoteip
authorBill Erickson <berickxx@gmail.com>
Mon, 27 Aug 2018 14:12:57 +0000 (10:12 -0400)
committerGalen Charlton <gmc@equinoxinitiative.org>
Mon, 5 Nov 2018 16:32:56 +0000 (11:32 -0500)
Teach the OSRF Translator to request the IP address of the user agent
(e.g. web browser) instead of the IP address of the up stream client,
which may be a proxy, using the Apache 2.4 request_rec->useragent_ip
value.

http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html

This make is possible for the translator to access the client IP with
Apache's mod_remoteip enabled and configured.

Includes sample config and install documentation.

Signed-off-by: Bill Erickson <berickxx@gmail.com>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
README
src/gateway/osrf_http_translator.c

diff --git a/README b/README
index 2abbc83..2b74eed 100644 (file)
--- a/README
+++ b/README
@@ -579,6 +579,23 @@ sudo -b /usr/local/bin/websocketd --port 7682 --ssl --sslcert=/etc/apache2/ssl/s
      --sslkey=/etc/apache2/ssl/server.key /openils/bin/osrf-websocket-stdio
 ---------------------------------------------------------------------------
 
      --sslkey=/etc/apache2/ssl/server.key /openils/bin/osrf-websocket-stdio
 ---------------------------------------------------------------------------
 
+Optional: Using a web proxy (Apache 2.4 and above)
+--------------------------------------------------
+When the OpenSRF HTTP Translator runs behind a proxy, Apache must be 
+configured to read the IP address of the originating client instead
+of the proxy IP address.  
+
+1. Enable mod_remoteip
++
+[source,bash]
+---------------------------------------------------------------------------
+sudo a2enmod remoteip
+---------------------------------------------------------------------------
++
+2. Enable remote IP settings by uncommenting and modifying as needed the 
+Apache configuration variables starting with RemoteIP* in the sample Apache
+configuration file opensrf.conf.
+
 Optional: Using NGINX as a proxy
 --------------------------------
 NGINX can be used to proxy HTTP, HTTPS, and WebSockets traffic. Among other
 Optional: Using NGINX as a proxy
 --------------------------------
 NGINX can be used to proxy HTTP, HTTPS, and WebSockets traffic. Among other
index 789aaae..ec8a685 100644 (file)
@@ -119,7 +119,7 @@ static osrfHttpTranslator* osrfNewHttpTranslator(request_rec* apreq) {
     trans->connecting = 0;
     trans->disconnecting = 0;
 #ifdef APACHE_MIN_24
     trans->connecting = 0;
     trans->disconnecting = 0;
 #ifdef APACHE_MIN_24
-    trans->remoteHost = apreq->connection->client_ip;
+    trans->remoteHost = apreq->useragent_ip;
 #else
     trans->remoteHost = apreq->connection->remote_ip;
 #endif
 #else
     trans->remoteHost = apreq->connection->remote_ip;
 #endif