<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">dear all,<div><br></div><div>another deployment question :)</div><div>suroundings: catalyst, psgi, starman, apache2.</div><div>but in our setup there are *two* apache2s doing reverse proxies before the requests reaches the starman server.</div><div><br></div><div>so what happend:</div><div><br></div><div>the http headers look like this (for catalyst)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>X-FORWARDED-FOR: <clients-ip>, <proxy2-ip> </div><div><span class="Apple-tab-span" style="white-space:pre"> </span>REQUEST_IP_ADDRESS: <proxy2-ip> </div><div><br></div><div>what Plack::Middleware::ReverseProxy does it puts the LAST ip in the forwarded-for header into </div><div><span class="Apple-tab-span" style="white-space:pre"> </span>$env->{REMOTE_ADDR}</div><div>which is actually not the IP of the client.</div><div>why is that happening ?</div><div>shouldn't it take the first IP, so catalyst has access to the original requests IP ?</div><div><br></div><div>my apache proxy configs look like this...</div><div>is there something wrong with the proxies config ?</div><div><br></div><div>thanks for hints!</div><div>cheers, bernhard</div><div><br></div><div><br></div><div><br></div><div><br></div><div>--------------------</div><div>proxy 1 (connectivity from "outside")-</div><div><br></div><div><div><VirtualHost *:80></div></div><div><br></div><div> ServerName <a href="http://publicdomain.com">publicdomain.com</a><br><br><span class="Apple-tab-span" style="white-space:pre"> </span>ProxyRequests Off<br> <Proxy *><br> Order deny,allow<br> Allow from all<br> </Proxy><br> ProxyPass / <span class="Apple-tab-span" style="white-space:pre"> </span> <a href="http://10.0.200.8:80/">http://10.0.200.8:80/</a><br> ProxyPassReverse / <span class="Apple-tab-span" style="white-space:pre"> </span> <a href="http://10.0.200.8:80/">http://10.0.200.8:80/</a><br> ProxyPreserveHost On<br></VirtualHost></div><div><br></div><div><div>--------------------</div><div>proxy 2 (connectivity from "inside")</div></div><div><br></div><div><br></div><div><VirtualHost *:80></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ServerName <a href="http://publicdomain.com">publicdomain.com</a></div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span># don't loose time with IP address lookups <br><span class="Apple-tab-span" style="white-space:pre"> </span>HostnameLookups Off<br><span class="Apple-tab-span" style="white-space:pre"> </span># helpful for named virtual hosts <br><span class="Apple-tab-span" style="white-space:pre"> </span>UseCanonicalName Off<br><br><span class="Apple-tab-span" style="white-space:pre"> </span># ---------------------------<br><span class="Apple-tab-span" style="white-space:pre"> </span># HANDLE STATIC FILES<br><span class="Apple-tab-span" style="white-space:pre"> </span># ---------------------------<br><span class="Apple-tab-span" style="white-space:pre"> </span>Alias /static /usr/local/....MyApp/root/static<br><span class="Apple-tab-span" style="white-space:pre"> </span><Location /static><br><span class="Apple-tab-span" style="white-space:pre"> </span> SetHandler default-handler<br><span class="Apple-tab-span" style="white-space:pre"> </span> # allow access (thats new in apache 2.4. see <a href="http://httpd.apache.org/docs/2.4/upgrading.html#access">http://httpd.apache.org/docs/2.4/upgrading.html#access</a>)<br><span class="Apple-tab-span" style="white-space:pre"> </span> Require all granted<br><span class="Apple-tab-span" style="white-space:pre"> </span></Location><br><span class="Apple-tab-span" style="white-space:pre"> </span>ProxyPass /static/ !<br><br><span class="Apple-tab-span" style="white-space:pre"> </span># ---------------------------<br><span class="Apple-tab-span" style="white-space:pre"> </span># DYNAMIC REQUESTS (starman)<br><span class="Apple-tab-span" style="white-space:pre"> </span># ---------------------------<br><span class="Apple-tab-span" style="white-space: pre;"> </span>RewriteEngine On<br><span class="Apple-tab-span" style="white-space:pre"> </span>ProxyPreserveHost On<br><br><span class="Apple-tab-span" style="white-space:pre"> </span>ProxyPass / <a href="http://localhost:5000/">http://localhost:5000/</a><br><span class="Apple-tab-span" style="white-space:pre"> </span>ProxyPassReverse / <a href="http://localhost:5000/">http://localhost:5000/</a></div><div></VirtualHost><br><br></div><div><br></div><div><br></div><div><br></div><div><br><div>
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div>—</div><div>Bernhard Bauch</div><div>Webdevelopment</div><div><br></div><div><div>ZSI-Zentrum für Soziale Innovation GmbH<br>Centre for Social Innovation<br><br>Linke Wienzeile 246, A-1150 Wien, Austria</div><div>Mail: <a href="mailto:bauch@zsi.at">bauch@zsi.at</a></div></div><div>Skype: berni-zsi</div><div><br></div><div><br></div></div></div></div></div><br class="Apple-interchange-newline">
</div>
<br></div></body></html>