#1 2016-11-21 13:18:08

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,384
Website

HA Proxy config on NL_KVM (Littlehappycloud)

Trying to set up access to a website based on IP on my Littlehappycloud KVM.

Since I always get the host node IP in my logs I put my trust in the hands of the Internet...

I found (and read) this post: https://philio.me/showing-the-correct-c … rse-proxy/

which got me wondering.....
Does the HA proxy forward the clients IP or not.....
If it already is I need to check my configs again, it wouldn't surprise me if it's a simple error on my part.

But asking hasn't hurt anyone (yet) smile

Offline

#2 2016-11-21 20:12:27

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,607
Website

Re: HA Proxy config on NL_KVM (Littlehappycloud)

Well the answer is 'both' the information is sent forward but if you dont have the real_ip_header X-Forwarded-For in your httpd config then you will probably only see the node IP 99% of the time.

I had that issue with this forum early on, everyone was getting banned and from the same IP smile X-Forwarded-For did the trick.


http://LittleHappyCloud.net KVM VPS with 1TB Bandwidth for €3.00

Offline

#3 2016-11-21 20:17:09

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,384
Website

Re: HA Proxy config on NL_KVM (Littlehappycloud)

I did try with real_ip_header and X-forwarded-for settings, even tried som specific settings for cloudflare but still get the node ip in the logs.

My question was answered and I now know that its something wrong with my config. Will continue trying to find the correct settings.

Offline

#4 2016-11-21 21:07:59

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,607
Website

Re: HA Proxy config on NL_KVM (Littlehappycloud)

Not sure if it helps but it can also be application specific, for example I had to set it on the httpd config and within the FluxBB config.

like for wordpress you need to put something like:

// Use X-Forwarded-For HTTP Header to Get Visitor's Real IP Address
	
if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
	$http_x_headers = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );

	$_SERVER['REMOTE_ADDR'] = $http_x_headers[0];
}

in the header.


http://LittleHappyCloud.net KVM VPS with 1TB Bandwidth for €3.00

Offline

#5 2016-11-21 21:10:07

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,384
Website

Re: HA Proxy config on NL_KVM (Littlehappycloud)

This is a vestacp install with only nginx. No apache.
I have installed wordpress but its ngingx that reports the wrong ip.

Offline

#6 2016-11-21 21:22:00

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,607
Website

Re: HA Proxy config on NL_KVM (Littlehappycloud)

Did you try putting something in the WP header.php for x_forward_for ?

also, congrats on installing vestacp on LHC smile


http://LittleHappyCloud.net KVM VPS with 1TB Bandwidth for €3.00

Offline

#7 2016-11-22 09:16:54

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,384
Website

Re: HA Proxy config on NL_KVM (Littlehappycloud)

Backtogeek wrote:

Did you try putting something in the WP header.php for x_forward_for ?

Nope, checking the NginX logs first and it reports the node IP.
I'm doing the IP check (blocking) on NginX level .


Backtogeek wrote:

also, congrats on installing vestacp on LHC smile

Thanks!
Wasn't that hard to install smile I even wrote a blog post about changing the admin listening port (and it sticks after upgrades).

Offline

#8 2016-11-22 09:39:57

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,384
Website

Re: HA Proxy config on NL_KVM (Littlehappycloud)

found the problem !!!


Old Cloudflare config that caused the problem since I now use the IPv4 HA proxy instead of Cloudflare IPv4 -> IPv6 proxy.

After commenting out all Cloudflare IP and updating like this instead (reload of nginx config of course) it all worked. I can now test my site while everyone else gets a 404 smile

    set_real_ip_from   XX.XX.XX.XX; # masked out 
    #real_ip_header     CF-Connecting-IP;
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;

Offline

Board footer