You need to use mod_extforward under Lighttpd to extract and log the client’s real IP from “X-Forwarded-For” or “X-Real-IP” header which is added by reverse proxy server such as Nginx or Squid proxy server.
ADVERTISEMENTS
Configuration
Edit lighttpd.conf file, enter:
# vi /etc/lighttpd/lighttpd.conf
WARNING! mod_extforward is included in lighttpd 1.4.14 and later.Add mod_extforward at the end of server.modules directive (order is important):
server.modules = ( "mod_redirect", "mod_alias", "mod_rewrite", "mod_expire", "mod_access", "mod_auth", "mod_status", "mod_fastcgi", "mod_secdownload", "mod_accesslog", "mod_compress", ### add mod_extforward #### "mod_extforward" ) |
Add Your Proxy Server / Revers Proxy Load Balancer IPs
Add your nginx based reverse proxy ips (LB’s IPs) such as 10.10.28.5 and 10.10.28.6:
extforward.forwarder = ( "10.10.28.5" => "trust", "10.10.28.6" => "trust" ) |
Save and close the file.
How Do I Set Client’s Custom IP Headers?
You can also set headers to search for finding the client’s original IP addresses using the following syntax:
extforward.headers = ("X-Cluster-Client-Ip") |
OR
extforward.headers = ("X-Real-Ip") |
Restart Lighttpd
Finally, restart the lighttpd web server, enter:
# service lighttpd restart
You can view access log using tail command:
# tail -f /var/log/lighttpd/access.log
This entry is 5 of 10 in the CentOS / RHEL nginx Reverse Proxy Tutorial series. Keep reading the rest of the series:
- CentOS / Redhat Linux: Install Keepalived To Provide IP Failover For Web Cluster
- CentOS / Redhat: Install nginx As Reverse Proxy Load Balancer
- Handling nginx Failover With KeepAlived
- nginx: Setup SSL Reverse Proxy (Load Balanced SSL Proxy)
- mod_extforward: Lighttpsd Log Clients Real IP Behind Reverse Proxy / Load Balancer
- HowTo: Merge Apache / Lighttpsd / Nginx Server Log Files
- Linux nginx: Chroot (Jail) Setup
- HowTo: SPDY SSL Installation and Configuration
- Install Nginx Using Yum Command on CentOS/RHEL
- Create a Self-Signed SSL Certificate on Nginx
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
- RSS feed or Weekly email newsletter
- Share to Twitter • Facebook • 0 comments... add one ↓
UP NEXT
Clear Squid Proxy Cache And Re-create the Cache Directories
How to install Squid Proxy Server on Ubuntu 20.04 LTS Linux
Lighttpd: Set Cache-Control: public, max-age Headers For Caching Purpose
How To Listen Pandora In Europe Outside USA Using Proxy
Squid test config file for syntax errors
Nginx restore real IP address when behind a reverse proxy
Squid Proxy Hide System's Real IP Address
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |