10

I'm running an Nginx front-end for static files, and proxying to an Apache backend for PHP and Passenger, using Apache's mod_rpaf to set the correct remote IP address on the backend. Everything worked fine until I upgraded to Ubuntu 12.04 (Precise). Now Apache reports all connections coming from 127.0.0.1.

Here's the relevant configuration. Nothing here changed with the upgrade.

Nginx:

proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

mod_rpaf:

<IfModule mod_rpaf.c>
    RPAFenable On
    RPAFsethostname On
    RPAFproxy_ips 127.0.0.1 ::1
    RPAFheader X-Forwarded-For
</IfModule>

I'm using %{X-Forwarded-For}i in my Apache LogFormat directive and the access logs are showing the correct remote address, so I know Nginx is passing the address along properly.

In a phpinfo() test, HTTP_X_FORWARDED_FOR is showing the correct remote address, but REMOTE_ADDR is 127.0.0.1. This is reflected in PHP applications as well, such as WordPress comments.

I've tried switching Nginx and mod_rpaf to X-Real-IP with no effect.

Did something change that I missed?

Relevant version info, everything installed from the Ubuntu repository:

Nginx 1.1.19
Apache 2.2.22
mod_rpaf 0.6

Evgeniy Chekan
  • 103
  • 2
Kenn
  • 145
  • 2
  • 7

3 Answers3

10

Just been dealing with this myself. There was an Ubuntu bug confirmed on Friday. You can get things working again by changing:

<IfModule mod_rpaf.c>

to

<IfModule mod_rpaf-2.0.c>

in /etc/apache2/mods-available/rpaf.conf

jetboy
  • 882
  • 2
  • 11
  • 25
  • I had exactly the same problem after upgrade to 12.04 and lost half a day on the issue before finding this post. Thank you! – Kouber Saparev Aug 07 '12 at 21:20
  • And bug itself, for completeness: https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-rpaf/+bug/930540 – thor Oct 05 '12 at 12:59
  • 1
    For anyone coming to this post after upgrading to 14.04 this fix will no longer apply; instead you will want to use `mod_remoteip` instead of `mod_rpaf`. – Stefan Magnuson Sep 30 '14 at 13:05
1

mod_rpaf appears to have been deprecated in Debian Jessie, and further development halted. Switch to mod_remoteip, which is a default module in Debian Jessie.

Kirrus
  • 482
  • 2
  • 11
0

Just an update to this question. The format of the variables mod_rpaf uses has changed - Apache will refuse to start with the ones listed above currently (RPAFenable, RPAFsethostname, RPAFproxy_ips, RPAFheader).

The new format is as follows:

LoadModule              rpaf_module modules/mod_rpaf.so
RPAF_Enable             On
RPAF_ProxyIPs           127.0.0.1 10.0.0.0/24
RPAF_SetHostName        On
RPAF_SetHTTPS           On
RPAF_SetPort            On
RPAF_ForbidIfNotProxy   Off
Artem Russakovskii
  • 973
  • 3
  • 11
  • 25