[Catalyst] catalyst psgi behind 2 apache reverse proxies

Bernhard Bauch bauch at zsi.at
Wed Jul 8 14:46:11 GMT 2015


dear all,

another deployment question :)
surroundings: catalyst, psgi, starman, apache2.
but in our setup there are *two* apache2s doing reverse proxies before the request reaches the starman server.

so what happened:

the http headers look like this (for catalyst)
	X-FORWARDED-FOR: <clients-ip>, <proxy2-ip>
	REQUEST_IP_ADDRESS: <proxy2-ip>

what Plack::Middleware::ReverseProxy does is put the LAST ip in the forwarded-for header into
	$env->{REMOTE_ADDR}
which is actually not the IP of the client.
why is that happening?
shouldn't it take the first IP, so catalyst has access to the original request's IP?

my apache proxy configs look like this...
is there something wrong with the proxy config?

thanks for hints!
cheers, bernhard




--------------------
proxy 1 (connectivity from "outside")

<VirtualHost *:80>

        ServerName publicdomain.com

        ProxyRequests Off
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyPass               /       http://10.0.200.8:80/
        ProxyPassReverse        /       http://10.0.200.8:80/
        ProxyPreserveHost       On
</VirtualHost>

--------------------
proxy 2 (connectivity from "inside")


<VirtualHost *:80>
	ServerName publicdomain.com

	# don't lose time with IP address lookups
	HostnameLookups Off
	# helpful for named virtual hosts
	UseCanonicalName Off

	# ---------------------------
	# HANDLE STATIC FILES
	# ---------------------------
	Alias           /static             /usr/local/....MyApp/root/static
	<Location /static>
	    SetHandler default-handler
	    # allow access (that's new in apache 2.4, see http://httpd.apache.org/docs/2.4/upgrading.html#access)
	    Require all granted
	</Location>
	ProxyPass           /static/    !

	# ---------------------------
	# DYNAMIC REQUESTS (starman)
	# ---------------------------
	RewriteEngine On
	ProxyPreserveHost On

	ProxyPass           /           http://localhost:5000/
	ProxyPassReverse    /           http://localhost:5000/
</VirtualHost>





—
Bernhard Bauch
Webdevelopment

ZSI-Zentrum für Soziale Innovation GmbH
Centre for Social Innovation

Linke Wienzeile 246, A-1150 Wien, Austria
Mail: bauch at zsi.at
Skype: berni-zsi
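
Each proxy in a chain appends the address of the peer it saw to X-Forwarded-For, so only the entries written by proxies you operate can be believed and anything further left is whatever the client sent. The following is an added example, not code from the original post or from Plack::Middleware::ReverseProxy: it walks the chain right to left and skips only trusted proxies; `%TRUSTED`, its addresses, `client_ip` and `wrap` are assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Assumption: addresses of our own proxies as the next hop sees them.
# 10.0.200.1 stands in for proxy 1's internal address (constructed value).
my %TRUSTED = map { $_ => 1 } qw(127.0.0.1 10.0.200.1);

# Return the nearest hop that is not one of our own proxies.
sub client_ip {
    my ($remote_addr, $xff) = @_;
    # Hops in order of travel: X-Forwarded-For entries, then the socket peer.
    my @chain = defined $xff ? ($xff =~ /([^,\s]+)/g) : ();
    push @chain, $remote_addr;
    # An entry is believable only if the hop that appended it is ours.
    pop @chain while @chain > 1 && $TRUSTED{ $chain[-1] };
    return $chain[-1];
}

# PSGI middleware as a plain closure, so no Plack modules are needed here.
sub wrap {
    my ($app) = @_;
    return sub {
        my ($env) = @_;
        $env->{REMOTE_ADDR} =
            client_ip($env->{REMOTE_ADDR}, $env->{HTTP_X_FORWARDED_FOR});
        return $app->($env);
    };
}

# Constructed requests: [socket peer, X-Forwarded-For, expected REMOTE_ADDR]
my @cases = (
    ['127.0.0.1',  '203.0.113.7, 10.0.200.1',               '203.0.113.7'],
    # client sent its own X-Forwarded-For; proxy 1 appended the real peer
    ['127.0.0.1',  '198.51.100.9, 203.0.113.7, 10.0.200.1', '203.0.113.7'],
    # request reached starman directly, so the header is not believed
    ['192.0.2.44', '198.51.100.9',                          '192.0.2.44'],
);

my $app = wrap(sub { [200, ['Content-Type' => 'text/plain'], [$_[0]{REMOTE_ADDR}]] });
for my $case (@cases) {
    my ($peer, $xff, $want) = @$case;
    my $env = { REMOTE_ADDR => $peer, HTTP_X_FORWARDED_FOR => $xff };
    my $got = $app->($env)->[2][0];
    printf "%-4s peer=%-10s xff=[%s] -> %s\n",
        ($got eq $want ? 'ok' : 'FAIL'), $peer, $xff, $got;
}
```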