apache behind haproxy not providing remoteip

Discussion in 'Installation/Configuration' started by amoushou1, Jul 7, 2021.

  1. amoushou1

    amoushou1 New Member

    I have a multiserver setup, separate ispconfig panel with 3 dns-servers, 5 webservers, and 1 mailserver.
    All web traffic is going behind haproxy.
    I have issues with statistics not logging the remote ip.
    I have enabled remote-ip in apache and also adjusted the Logs as per below but the remote ip is logged only
    on /var/log/apache2/other_vhosts_access.log and not on the access.log of each domain.

    Apache.conf

    LogFormat "%v:%p %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
    LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
    LogFormat "%h %p %a %{remote}p %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %p %a %{remote}p %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
    LogFormat "%a %l %u %t \"%r\" %>s %O" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent

    RemoteIPProxyProtocol On


    /etc/apache2/conf-available/remoteip.conf
    RemoteIPHeader X-Forwarded-For
    RemoteIPTrustedProxy ( list of haproxy ips)

    Any ideas how to record the remote ip for each website?
     
  2. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    You need to configure the apache log format to log the X-Forwarded-For field.
    https://www.techstacks.com/howto/log-client-ip-and-xforwardedfor-ip-in-apache.html

    Also, you don't show your haproxy config, but you also have to configure that to include the x-forwarded-for ip in the header it sends to apache.

    from the haproxy docs:
    though from haproxy 1.4, you'll want to use 'option http-server-close' instead of 'option httpclose' as it maintains the keep-alive.
     
    Last edited: Jul 7, 2021
  3. amoushou1

    amoushou1 New Member

    Thanks for the suggestion.
    I have tried, but now it is also not logging the remote ip, even in /var/log/apache2/other_vhosts_access.log.
    Apache suggests not to use X-Forwarded-For but remoteip instead.
    remoteip works, but it does not log the remote ip in the designated log for each domain, thus no stats.

    Any other suggestions?
     
  4. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    If you want it for each domain, you'll probably have to copy /usr/local/ispconfig/server/conf/apache_ispconfig_conf.master to /usr/local/ispconfig/server/conf-custom/ and make changes to the logformat settings in there.

    It may be in vhost.conf.master, but I think the log settings in there are just for the error log. I may be wrong. I'm going on memory as I don't have direct access to look at the actual files from my current location.
     
  5. amoushou1

    amoushou1 New Member

    For anyone having a similar issue, problem solved:
    # LogFormat lines copy them below and replace %h with %a
    vi /etc/apache2/sites-available/ispconfig.conf
    #LogFormat "%v %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
    LogFormat "%v %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
     
    ahrasis and till like this.
  6. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    You'll still need to copy the template conf file to conf-custom and make the same change in there, otherwise you'll keep losing this setting every time you update / resync ispconfig.
     
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Wouldn't %a be safe to use all the time, i.e. change the template shipped with ISPConfig? Normally %h will just log the client ip anyways, as hostname resolution is off by default.
     
    amoushou1 likes this.
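
The change from posts 5 and 6 as a repeatable script, added here as an example that is not part of the original thread or of ISPConfig: it rewrites active LogFormat lines from %h to %a while writing a conf-custom copy, checks whether a file has fallen back to %h, and counts how many requests in a per-domain log still show a proxy address. Function names, the temporary files and the 192.0.2.x / 203.0.113.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, sample files and the
# 192.0.2.x / 203.0.113.x addresses are constructed for illustration.

# Copy an Apache config/template SRC ($1) to DST ($2), switching active
# LogFormat lines from %h to %a (the client address as set by mod_remoteip),
# the change that fixed per-domain logging in the thread.
# Commented-out LogFormat lines are kept unchanged as a reference.
logformat_use_client_ip() {
    mkdir -p "$(dirname "$2")" || return 1
    sed -E '/^[[:space:]]*LogFormat[[:space:]]/ s/%h([^[:alnum:]]|$)/%a\1/g' "$1" > "$2"
}

# Exit 0 if FILE ($1) still has an active LogFormat using %h, e.g. after an
# update or resync regenerated it from an unpatched template.
logformat_still_uses_h() {
    grep -Eq '^[[:space:]]*LogFormat[[:space:]].*%h([^[:alnum:]]|$)' "$1"
}

# Print "proxy_hits total" for a combined_ispconfig log (field 2 = client).
# proxy_hits == total means the vhost log records only the proxy hop.
count_proxy_hits() {
    log=$1; shift
    awk -v proxies="$*" '
        BEGIN { n = split(proxies, p, " "); for (i = 1; i <= n; i++) is_proxy[p[i]] = 1 }
        NF >= 2 { total++; if ($2 in is_proxy) hits++ }
        END { printf "%d %d\n", hits, total }' "$log"
}

# --- constructed sample data ---
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/template.master" <<'EOF'
#LogFormat "%v %h %l %u %t \"%r\" %>s %O" old_reference
LogFormat "%v %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
EOF
cat > "$demo/access.log" <<'EOF'
example.com 192.0.2.10 - - [07/Jul/2021:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.74.0"
example.com 203.0.113.7 - - [07/Jul/2021:10:00:05 +0000] "GET /a HTTP/1.1" 200 128 "-" "curl/7.74.0"
example.com 192.0.2.11 - - [07/Jul/2021:10:00:09 +0000] "GET /b HTTP/1.1" 404 64 "-" "curl/7.74.0"
EOF

logformat_use_client_ip "$demo/template.master" "$demo/conf-custom/template.master"
if logformat_still_uses_h "$demo/conf-custom/template.master"; then
    echo "active LogFormat still uses %h"
fi
count_proxy_hits "$demo/access.log" 192.0.2.10 192.0.2.11   # prints: 2 3
```

On a real server the source and destination would be the template and conf-custom paths named in post 4, and the proxy arguments would be the HAProxy addresses already listed for RemoteIPTrustedProxy.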
