I've setup 5 lighttpd web servers behind Nginx based reverse proxy / load balancer to distribute load for busy e-commerce website. However, all web server nodes putting my load balncers two IP address in access log file. How do I force lighttpd to log a real IP (public IP) address of all client computers visiting our website?
You need to use mod_extforward under Lighttpd to extract and log the client's real IP from "X-Forwarded-For" or "X-Real-IP" header which is added by reverse proxy server such as Nginx or Squid proxy server.
Edit lighttpd.conf file, enter:
# vi /etc/lighttpd/lighttpd.conf
Add mod_extforward at the end of server.modules directive (order is important):
server.modules = ( "mod_redirect", "mod_alias", "mod_rewrite", "mod_expire", "mod_access", "mod_auth", "mod_status", "mod_fastcgi", "mod_secdownload", "mod_accesslog", "mod_compress", ### add mod_extforward #### "mod_extforward" )
Add Your Proxy Server / Revers Proxy Load Balancer IPs
Add your nginx based reverse proxy ips (LB's IPs) such as 10.10.28.5 and 10.10.28.6:
extforward.forwarder = ( "10.10.28.5" => "trust", "10.10.28.6" => "trust" )
Save and close the file.
How Do I Set Client's Custom IP Headers?
You can also set headers to search for finding the client's original IP addresses using the following syntax:
extforward.headers = ("X-Cluster-Client-Ip")
extforward.headers = ("X-Real-Ip")
Finally, restart the lighttpd web server, enter:
# service lighttpd restart
You can view access log using tail command:
# tail -f /var/log/lighttpd/access.log
This FAQ entry is 5 of 8 in the "CentOS / RHEL nginx Reverse Proxy Tutorial" series. Keep reading the rest of the series: