[Catalyst] catalyst psgi behind 2 apache reverse proxies

Bernhard Bauch bauch at zsi.at
Wed Jul 8 14:46:11 GMT 2015

dear all,

another deployment question :)
suroundings: catalyst, psgi, starman, apache2.
but in our setup there are *two* apache2s doing reverse proxies before the requests reaches the starman server.

so what happend:

the http headers look like this (for catalyst)
	X-FORWARDED-FOR: <clients-ip>, <proxy2-ip>
	REQUEST_IP_ADDRESS: <proxy2-ip>

what Plack::Middleware::ReverseProxy does it puts the LAST ip in the forwarded-for header into
which is actually not the IP of the client.
why is that happening ?
shouldn't it take the first IP, so catalyst has access to the original requests IP ?

my apache proxy configs look like this...
is there something wrong with the proxies config  ?

thanks for hints!
cheers, bernhard

proxy 1 (connectivity from "outside")-

<VirtualHost *:80>

        ServerName publicdomain.com

	ProxyRequests Off
        <Proxy *>
                Order deny,allow
                Allow from all
        ProxyPass               /
        ProxyPassReverse        /
        ProxyPreserveHost       On

proxy 2 (connectivity from "inside")

<VirtualHost *:80>
	ServerName publicdomain.com

	# don't loose time with IP address lookups
	HostnameLookups Off
	# helpful for named virtual hosts
	UseCanonicalName Off

	# ---------------------------
	# ---------------------------
	Alias           /static             /usr/local/....MyApp/root/static
	<Location /static>
	    SetHandler default-handler
	    # allow access (thats new in apache 2.4. see http://httpd.apache.org/docs/2.4/upgrading.html#access)
	    Require all granted
	ProxyPass           /static/    !

	# ---------------------------
	# ---------------------------
	RewriteEngine On
	ProxyPreserveHost On

	ProxyPass           /           http://localhost:5000/
	ProxyPassReverse    /           http://localhost:5000/

Bernhard Bauch

ZSI-Zentrum für Soziale Innovation GmbH
Centre for Social Innovation

Linke Wienzeile 246, A-1150 Wien, Austria
Mail: bauch at zsi.at
Skype: berni-zsi

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.scsys.co.uk/pipermail/catalyst/attachments/20150708/dfec125d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.scsys.co.uk/pipermail/catalyst/attachments/20150708/dfec125d/attachment.pgp>

More information about the Catalyst mailing list