[Catalyst] catalyst psgi behind 2 apache reverse proxies

Wed, 08 Jul 2015 07:47:16 -0700 

dear all,

another deployment question :)
suroundings: catalyst, psgi, starman, apache2.
but in our setup there are *two* apache2s doing reverse proxies before the 
requests reaches the starman server.

so what happend:

the http headers look like this (for catalyst)
        X-FORWARDED-FOR: <clients-ip>, <proxy2-ip>
        REQUEST_IP_ADDRESS: <proxy2-ip>

what Plack::Middleware::ReverseProxy does it puts the LAST ip in the 
forwarded-for header into
        $env->{REMOTE_ADDR}
which is actually not the IP of the client.
why is that happening ?
shouldn't it take the first IP, so catalyst has access to the original requests 
IP ?

my apache proxy configs look like this...
is there something wrong with the proxies config  ?

thanks for hints!
cheers, bernhard




--------------------
proxy 1 (connectivity from "outside")-

<VirtualHost *:80>

        ServerName publicdomain.com

        ProxyRequests Off
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyPass               /                 http://10.0.200.8:80/
        ProxyPassReverse        /           http://10.0.200.8:80/
        ProxyPreserveHost       On
</VirtualHost>

--------------------
proxy 2 (connectivity from "inside")


<VirtualHost *:80>
        ServerName publicdomain.com

        # don't loose time with IP address lookups
        HostnameLookups Off
        # helpful for named virtual hosts
        UseCanonicalName Off

        # ---------------------------
        # HANDLE STATIC FILES
        # ---------------------------
        Alias           /static             /usr/local/....MyApp/root/static
        <Location /static>
            SetHandler default-handler
            # allow access (thats new in apache 2.4. see 
http://httpd.apache.org/docs/2.4/upgrading.html#access)
            Require all granted
        </Location>
        ProxyPass           /static/    !

        # ---------------------------
        # DYNAMIC REQUESTS (starman)
        # ---------------------------
        RewriteEngine On
        ProxyPreserveHost On

        ProxyPass           /           http://localhost:5000/
        ProxyPassReverse    /           http://localhost:5000/
</VirtualHost>





—
Bernhard Bauch
Webdevelopment

ZSI-Zentrum für Soziale Innovation GmbH
Centre for Social Innovation

Linke Wienzeile 246, A-1150 Wien, Austria
Mail: [email protected]
Skype: berni-zsi

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/

Reply via email to