From: Bill Erickson Date: Mon, 27 Aug 2018 14:12:57 +0000 (-0400) Subject: LP#1684970 Translator compatible with mod_remoteip X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=refs%2Fheads%2Frel_2_5;p=OpenSRF.git LP#1684970 Translator compatible with mod_remoteip Teach the OSRF Translator to request the IP address of the user agent (e.g. web browser) instead of the IP address of the up stream client, which may be a proxy, using the Apache 2.4 request_rec->useragent_ip value. http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html This make is possible for the translator to access the client IP with Apache's mod_remoteip enabled and configured. Includes sample config and install documentation. Signed-off-by: Bill Erickson Signed-off-by: Galen Charlton --- diff --git a/README b/README index 5052b4d..2632970 100644 --- a/README +++ b/README @@ -519,6 +519,23 @@ export OSRF_WEBSOCKET_MAX_REQUEST_WAIT_TIME=600 /etc/init.d/apache2-websockets start --------------------------------------------------------------------------- +Optional: Using a web proxy (Apache 2.4 and above) +-------------------------------------------------- +When the OpenSRF HTTP Translator runs behind a proxy, Apache must be +configured to read the IP address of the originating client instead +of the proxy IP address. + +1. Enable mod_remoteip ++ +[source,bash] +--------------------------------------------------------------------------- +sudo a2enmod remoteip +--------------------------------------------------------------------------- ++ +2. Enable remote IP settings by uncommenting and modifying as needed the +Apache configuration variables starting with RemoteIP* in the sample Apache +configuration file opensrf.conf. + Optional: Using NGINX as a proxy -------------------------------- NGINX can be used to proxy HTTP, HTTPS, and WebSockets traffic. Among other diff --git a/examples/apache2/opensrf.conf b/examples/apache2/opensrf.conf index 2989dc0..1d5e6bb 100644 --- a/examples/apache2/opensrf.conf +++ b/examples/apache2/opensrf.conf @@ -41,6 +41,16 @@ NameVirtualHost *:80 # OpenSRF-over-HTTP translator # (http://open-ils.org/dokuwiki/doku.php?id=opensrf_over_http) # ---------------------------------------------------------------------------------- + + # OPTIONAL: Running the translator behind a proxy requires accessing + # the client IP address via mod_remoteip (sudo a2enmod remoteip). + # Below is a sample configuration for a proxy running on the same + # server and passing the client IP address via the X-Real-IP header. + # + #RemoteIPInternalProxy 127.0.0.1/24 + #RemoteIPInternalProxy ::1 + #RemoteIPHeader X-Real-IP + SetHandler osrf_http_translator_module allow from all diff --git a/src/gateway/osrf_http_translator.c b/src/gateway/osrf_http_translator.c index fd2bf23..b572b47 100644 --- a/src/gateway/osrf_http_translator.c +++ b/src/gateway/osrf_http_translator.c @@ -119,7 +119,7 @@ static osrfHttpTranslator* osrfNewHttpTranslator(request_rec* apreq) { trans->connecting = 0; trans->disconnecting = 0; #ifdef APACHE_MIN_24 - trans->remoteHost = apreq->connection->client_ip; + trans->remoteHost = apreq->useragent_ip; #else trans->remoteHost = apreq->connection->remote_ip; #endif