LP#1801759: add mod_remoteip configuration to example Apache config

Text taken from an OpenSRF patch added by Bill Erickson per bug 1684970.

This patch adds an Apache configuration stanza that uses mod_remoteip
to pass the user agent's IP address to the HTTP translator. It is meant
for when Apache is being run behind a proxy such as NGINX.

To test
-------
[1] Set up Evergreen with Apache and the WebSockets server running
    behind a proxy such as NGINX.
[2] Enable mod_remoteip (e.g., sudo a2enmod remoteip).
[3] Apply the Apache configuration change in this patch, uncommenting
    out the directives and (if necessary) updating the internal IP
    address of the proxy.
[4] Reload Apache.
[5] Perform an action that uses the HTTP translator, e.g., adding a
    vendor record using the Dojo interface.
[6] Verify that the client IP logged is that of the user agent, not
    the proxy.

Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Signed-off-by: Bill Erickson <berickxx@gmail.com>

diff --git a/Open-ILS/examples/apache_24/eg_vhost.conf.in b/Open-ILS/examples/apache_24/eg_vhost.conf.in
index cfeb27e..95d0702 100644 (file)
--- a/Open-ILS/examples/apache_24/eg_vhost.conf.in
+++ b/Open-ILS/examples/apache_24/eg_vhost.conf.in
@@ -409,6 +409,16 @@ RewriteRule .? - [E=locale:%{HTTP:Accept-Language}]
 # OpenSRF-over-HTTP translator
 # (http://open-ils.org/dokuwiki/doku.php?id=opensrf_over_http)
 # ----------------------------------------------------------------------------------
+
+# OPTIONAL: Running the translator behind a proxy requires accessing
+# the client IP address via mod_remoteip (sudo a2enmod remoteip).
+# Below is a sample configuration for a proxy running on the same
+# server and passing the client IP address via the X-Real-IP header.
+#
+#RemoteIPInternalProxy 127.0.0.1/24
+#RemoteIPInternalProxy ::1
+#RemoteIPHeader X-Real-IP
+
 <Location /osrf-http-translator>
     SetHandler osrf_http_translator_module
     Require all granted