From 51a4651186c94686051262a9255d165eadd4f049 Mon Sep 17 00:00:00 2001 From: Bill Erickson Date: Mon, 27 Aug 2018 10:12:57 -0400 Subject: [PATCH] LP#1684970 Translator compatible with mod_remoteip Teach the OSRF Translator to request the IP address of the user agent (e.g. web browser) instead of the IP address of the up stream client, which may be a proxy, using the Apache 2.4 request_rec->useragent_ip value. http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html This make is possible for the translator to access the client IP with Apache's mod_remoteip enabled and configured. Includes sample config and install documentation. Signed-off-by: Bill Erickson Signed-off-by: Galen Charlton --- README | 17 +++++++++++++++++ src/gateway/osrf_http_translator.c | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/README b/README index 2abbc83..2b74eed 100644 --- a/README +++ b/README @@ -579,6 +579,23 @@ sudo -b /usr/local/bin/websocketd --port 7682 --ssl --sslcert=/etc/apache2/ssl/s --sslkey=/etc/apache2/ssl/server.key /openils/bin/osrf-websocket-stdio --------------------------------------------------------------------------- +Optional: Using a web proxy (Apache 2.4 and above) +-------------------------------------------------- +When the OpenSRF HTTP Translator runs behind a proxy, Apache must be +configured to read the IP address of the originating client instead +of the proxy IP address. + +1. Enable mod_remoteip ++ +[source,bash] +--------------------------------------------------------------------------- +sudo a2enmod remoteip +--------------------------------------------------------------------------- ++ +2. Enable remote IP settings by uncommenting and modifying as needed the +Apache configuration variables starting with RemoteIP* in the sample Apache +configuration file opensrf.conf. + Optional: Using NGINX as a proxy -------------------------------- NGINX can be used to proxy HTTP, HTTPS, and WebSockets traffic. Among other diff --git a/src/gateway/osrf_http_translator.c b/src/gateway/osrf_http_translator.c index 789aaae..ec8a685 100644 --- a/src/gateway/osrf_http_translator.c +++ b/src/gateway/osrf_http_translator.c @@ -119,7 +119,7 @@ static osrfHttpTranslator* osrfNewHttpTranslator(request_rec* apreq) { trans->connecting = 0; trans->disconnecting = 0; #ifdef APACHE_MIN_24 - trans->remoteHost = apreq->connection->client_ip; + trans->remoteHost = apreq->useragent_ip; #else trans->remoteHost = apreq->connection->remote_ip; #endif -- 2.43.2