[Catalyst] catalyst psgi behind 2 apache reverse proxies
Bernhard Bauch
bauch at zsi.at
Wed Jul 8 14:55:44 GMT 2015
Ahh yes, sure i have.
otherwise $c->uri_for would not produce useless urls.
On 08 Jul 2015, at 16:51, Robert Brown <rob at intelcompute.com> wrote:
> Do you have...
>
> __PACKAGE__->config(
> using_frontend_proxy => 1,
> );
>
> ?
>
>
> On 07/08/2015 03:46 PM, Bernhard Bauch wrote:
>> dear all,
>>
>> another deployment question :)
>> suroundings: catalyst, psgi, starman, apache2.
>> but in our setup there are *two* apache2s doing reverse proxies before the requests reaches the starman server.
>>
>> so what happend:
>>
>> the http headers look like this (for catalyst)
>> X-FORWARDED-FOR: <clients-ip>, <proxy2-ip>
>> REQUEST_IP_ADDRESS: <proxy2-ip>
>>
>> what Plack::Middleware::ReverseProxy does it puts the LAST ip in the forwarded-for header into
>> $env->{REMOTE_ADDR}
>> which is actually not the IP of the client.
>> why is that happening ?
>> shouldn't it take the first IP, so catalyst has access to the original requests IP ?
>>
>> my apache proxy configs look like this...
>> is there something wrong with the proxies config ?
>>
>> thanks for hints!
>> cheers, bernhard
>>
>>
>>
>>
>> --------------------
>> proxy 1 (connectivity from "outside")-
>>
>> <VirtualHost *:80>
>>
>> ServerName publicdomain.com
>>
>> ProxyRequests Off
>> <Proxy *>
>> Order deny,allow
>> Allow from all
>> </Proxy>
>> ProxyPass / http://10.0.200.8:80/
>> ProxyPassReverse / http://10.0.200.8:80/
>> ProxyPreserveHost On
>> </VirtualHost>
>>
>> --------------------
>> proxy 2 (connectivity from "inside")
>>
>>
>> <VirtualHost *:80>
>> ServerName publicdomain.com
>>
>> # don't loose time with IP address lookups
>> HostnameLookups Off
>> # helpful for named virtual hosts
>> UseCanonicalName Off
>>
>> # ---------------------------
>> # HANDLE STATIC FILES
>> # ---------------------------
>> Alias /static /usr/local/....MyApp/root/static
>> <Location /static>
>> SetHandler default-handler
>> # allow access (thats new in apache 2.4. see http://httpd.apache.org/docs/2.4/upgrading.html#access)
>> Require all granted
>> </Location>
>> ProxyPass /static/ !
>>
>> # ---------------------------
>> # DYNAMIC REQUESTS (starman)
>> # ---------------------------
>> RewriteEngine On
>> ProxyPreserveHost On
>>
>> ProxyPass / http://localhost:5000/
>> ProxyPassReverse / http://localhost:5000/
>> </VirtualHost>
>>
>>
>>
>>
>>
>> —
>> Bernhard Bauch
>> Webdevelopment
>>
>> ZSI-Zentrum für Soziale Innovation GmbH
>> Centre for Social Innovation
>>
>> Linke Wienzeile 246, A-1150 Wien, Austria
>> Mail: bauch at zsi.at
>> Skype: berni-zsi
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> List: Catalyst at lists.scsys.co.uk
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>> Dev site: http://dev.catalyst.perl.org/
>
> !DSPAM:559d3921153867891315088!
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
>
> !DSPAM:559d3921153867891315088!
—
Bernhard Bauch
Webdevelopment
ZSI-Zentrum für Soziale Innovation GmbH
Centre for Social Innovation
Linke Wienzeile 246, A-1150 Wien, Austria
Mail: bauch at zsi.at
Skype: berni-zsi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.scsys.co.uk/pipermail/catalyst/attachments/20150708/cada68ad/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.scsys.co.uk/pipermail/catalyst/attachments/20150708/cada68ad/attachment.pgp>
More information about the Catalyst
mailing list