Re: [Catalyst] catalyst psgi behind 2 apache reverse proxies

Wed, 08 Jul 2015 07:52:52 -0700 

Do you have...

__PACKAGE__->config(
    using_frontend_proxy => 1,
);

?


On 07/08/2015 03:46 PM, Bernhard Bauch wrote:

dear all,

another deployment question :)
suroundings: catalyst, psgi, starman, apache2.
but in our setup there are *two* apache2s doing reverse proxies before the requests reaches the starman server. 

so what happend:

the http headers look like this (for catalyst)
X-FORWARDED-FOR: <clients-ip>, <proxy2-ip>
REQUEST_IP_ADDRESS: <proxy2-ip>
what Plack::Middleware::ReverseProxy does it puts the LAST ip in the forwarded-for header into 
$env->{REMOTE_ADDR}
which is actually not the IP of the client.
why is that happening ?
shouldn't it take the first IP, so catalyst has access to the original requests IP ? 

my apache proxy configs look like this...
is there something wrong with the proxies config  ?

thanks for hints!
cheers, bernhard




--------------------
proxy 1 (connectivity from "outside")-

<VirtualHost *:80>

        ServerName publicdomain.com <http://publicdomain.com>

ProxyRequests Off
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyPass               / http://10.0.200.8:80/
        ProxyPassReverse        / http://10.0.200.8:80/
        ProxyPreserveHost       On
</VirtualHost>

--------------------
proxy 2 (connectivity from "inside")


<VirtualHost *:80>
ServerName publicdomain.com <http://publicdomain.com>

# don't loose time with IP address lookups
HostnameLookups Off
# helpful for named virtual hosts
UseCanonicalName Off

# ---------------------------
# HANDLE STATIC FILES
# ---------------------------
Alias           /static             /usr/local/....MyApp/root/static
<Location /static>
  SetHandler default-handler
# allow access (thats new in apache 2.4. see http://httpd.apache.org/docs/2.4/upgrading.html#access) 
  Require all granted
</Location>
ProxyPass           /static/    !

# ---------------------------
# DYNAMIC REQUESTS (starman)
# ---------------------------
RewriteEngine On
ProxyPreserveHost On

ProxyPass           / http://localhost:5000/
ProxyPassReverse    / http://localhost:5000/
</VirtualHost>





---
Bernhard Bauch
Webdevelopment

ZSI-Zentrum für Soziale Innovation GmbH
Centre for Social Innovation

Linke Wienzeile 246, A-1150 Wien, Austria
Mail: [email protected] <mailto:[email protected]>
Skype: berni-zsi






_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/



_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/

Reply via email to