tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Dawson <seandawson2...@gmail.com>
Subject Re: Tomcat and NGINX ip forwarding
Date Sun, 01 Sep 2019 21:29:32 GMT
That seems to have worked - thanks!


On Sun, Sep 1, 2019 at 2:05 PM Mark Thomas <markt@apache.org> wrote:

> On September 1, 2019 2:52:36 PM UTC, Sean Dawson <seandawson2015@gmail.com>
> wrote:
> >Hello, I'm trying to get the actual client IP address in the Tomcat
> >access
> >logs rather than the 127.0.0.1 that's coming from nginx.
> >
> >CentOS 7.6 (on AWS)
> >Amazon Coretto 1.8.0_222.b10-1.x86_64
> >Tomcat 8.5.45.0 (extracted from tar.gz)
> >Nginx 1.12.2 (very basic setup)
> >
> >http (80) / https (443) to nginx
> >Tomcat running on 8080
> >
> >localhost_access_log shows all requests coming from ip: 127.0.0.1
> >
> >How do I get it to show the real IP address coming in through nginx ?
> >
> >I've tried various combinations of these - and others (and in various
> >sections of the nginx.conf)...
> >
> >proxy_set_header Host $host;
> >proxy_set_header X-Real-IP $remote_addr;
> >proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >
> >I've tried adding this to Tomcat server.xml (in the Engine section):
> >
> ><Valve className="org.apache.catalina.valves.RemoteIpValve"
> >    internalProxies="127\.0\.[0-1]\.1"
> >    remoteIpHeader="x-forwarded-for"
> >    requestAttributesEnabled="true"
> >    protocolHeader="x-forwarded-proto"
> >    protocolHeaderHttpsValue="https"/>
> >
> >(As well as trying changing https to http.)
> >
> >I've also tried modifying this based on something I found online but it
> >didn't help:
> >
> > <Valve className="org.apache.catalina.valves.AccessLogValve"
> >directory="logs"
> >               prefix="localhost_access_log" suffix=".txt"
> >               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>
> The remote ip valve looks ok.
>
> Use the default access log valve but add requestAttributesEnabled="true"
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message