Reverse Proxy Logs v2
As previous mentioned the logging is important and doing it the right way is also important. I realized too late that I had already installed the package required and therefore spent too much time modifying the logs. Time to do it the right way.
While initially the modification of the logs was a good idea, it is just a hack that only fixes the logs, not the initial problem. This means that other applications, like web services, will not know that it is behind a proxy unless specifically checking the HTTP header for it 1. My first thought was to implement this myself on all the applications, but after doing so for 5 minutes, it got me thinking on how many there was, so a quick search found me turn around 180 degrees. I therefore went further in my search and stumbled upon RPAF 2, a module for apache2 which translates proxy variables to respective parameter, for instance the remote ip address. Sadly, I never got it to work no matter what I did. But as the post of it was almost 14 years old, I checked further down and found that from 2020 someone mentioned that mod_remoteip 3 is official and replaces RPAF. I found myself already having added that, not sure why I missed this, but after adding a config file to test, it worked on the first try.
Therefore I updated the apache role for my Ansible config, enabling remoteip (it was enabled all along), add the config as a neat managed file, and then restart gracefully if necessary. Do note that the config below is only an example, and the IP range will be replaced with the proxies given to the role.
|
|
I have updated the repository for this change and also added removal of previous change. This also makes the proxy optional. If I only had done my research better, this would not have been an issue, as all the internal applications on teh web server still thought that the proxy was the actual client.