Get real ip with Openlitespeed as webserver with a reverse proxy in front of our Openlitespeed webservers - nginx

My issue is that I can get the real IP address from the client when I am using the openlitespeed webserver with a reverse proxy in front of my openlitespeed servers.
We have the SSL termination on the openlitespeed web servers and NOT on the proxy server.
The proxy is only going to forward the request to the correct server, nothing else. We have multiple servers.
We are at this point only able to get the reverse proxy IP address and not the client IP address.
We have tried this with haProxy and are now trying it with nginx as reverse proxy.
I have read that it won't work with haProxy, but nginx is a bit more flexible, I think.
I have set the server Use Client IP in Header to Yes on the openlitespeed server:
My first question is:
Is this possible, or doesn't the openlitespeed server support this at all?
Ref: https://clients.javapipe.com/knowledgebase/135/Real-Visitor-IPs-With-Website-DDoS-Protection.html
This says it's built in on litespeed.
My second question is:
Do you know if this has been done successfully with haProxy, Nginx or Squid proxy?
My third question is:
Does anyone have a config that works for either haProxy, Nginx or Squid proxy?
Preferred: Nginx or haProxy
A big thanks in advance for anyone who can answer these questions.

I can confirm that it doesn't work with ols. The litespeed team has confirmed it, though they might add support for proxy protocol in the future. We are now syncing the SSL from the webserver to the proxy, making it secure all the way.

Related

Running Minecraft server through NGINX - Only ports 80 and 443 available

I've been looking at possible ways to run a Minecraft server behind a reverse proxy on NGINX with a IP/location/to/server (e.g. 127.0.0.1/minecraft-server) connection, but the only information that I've found is to either use a SRV DNS record, or to use a stream proxy (but no further information is included about this possibility, or it does not provide a NGINX location config).
I need to use a NGINX reverse proxy as ports 80 and 443 will be the only ports that will be open externally via our provider (HTTP/S servers only allowed, they can't be used for anything else and the connection will be managed by administrators), and I don't have a domain. I can get one and a SSL certificate if that's all that's needed in order to be able to do this.
I know Minecraft runs on a TCP or UDP connection, and that's part of the reason why this is not an easy task, but since this is the only way I can possibly have future external access to my Minecraft Server (self hosted), I need a way to run the connection through an HTTP reverse proxy.
Is there any way to do this through NGINX or NGINX+other software?
Thank you in advance.

varnish nginx proxy protocol

I have this install from this guide https://www.linode.com/docs/websites/varnish/use-varnish-and-nginx-to-serve-wordpress-over-ssl-and-http-on-debian-8
Is there any advantage to using proxy protocol? From
https://info.varnish-software.com/blog/five-steps-to-secure-varnish-with-hitch-and-lets-encrypt
to this setup (I have varnish 5)
if so, what is the modification needed for the setup in the linode link above?
best.
To begin with, it will not be possible to use PROXY protocol in the linked setup.
Nginx supports PROXY protocol only on the client side (i.e. when there is another proxy forwarding requests to it). It doesn't support PROXY protocol with proxy_pass, where it would make more sense for Varnish + Nginx SSL setup. Sorry about that.
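
The PROXY protocol that the answers above refer to (for OpenLiteSpeed and for Nginx) puts one plain-text line in front of the forwarded TCP stream, which is how a proxy can hand over the client address without terminating SSL. As an added example, not code from any poster or project on this page, the following Python sketch shows what a receiving server has to do with a version 1 header, honouring it only when the connection comes from a trusted proxy. `TRUSTED_PROXIES`, `client_ip` and all sample addresses are assumptions made for the illustration.

```python
import ipaddress

# Assumption: the front proxy's address (documentation range, constructed).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]
MAX_V1_HEADER = 107  # longest v1 header the spec allows, CRLF included


def client_ip(peer_ip, first_bytes):
    """Return (client_ip, payload) for the first bytes of a new connection."""
    peer = ipaddress.ip_address(peer_ip)
    trusted = any(peer in net for net in TRUSTED_PROXIES)
    if not first_bytes.startswith(b"PROXY "):
        if trusted:
            raise ValueError("trusted proxy sent no PROXY header")
        return peer_ip, first_bytes  # direct client, nothing to strip
    if not trusted:
        # Any client can send this line; honouring it would allow IP spoofing.
        raise ValueError("PROXY header from untrusted peer")
    end = first_bytes.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ValueError("unterminated or oversized PROXY header")
    fields = first_bytes[:end].decode("ascii").split(" ")
    payload = first_bytes[end + 2:]
    if fields[1] == "UNKNOWN":
        return peer_ip, payload  # proxy could not name the client
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY header")
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    version = 4 if fields[1] == "TCP4" else 6
    if src.version != version or dst.version != version:
        raise ValueError("address family mismatch")
    for port in fields[4:]:
        if not (port.isdigit() and int(port) <= 65535):
            raise ValueError("bad port")
    return str(src), payload


if __name__ == "__main__":
    # Constructed sample: header line followed by the start of a TLS record.
    sample = b"PROXY TCP4 203.0.113.7 192.0.2.20 51234 443\r\n\x16\x03\x01"
    print(client_ip("192.0.2.10", sample))
```

The bytes returned as `payload` are the untouched TLS handshake, so certificate handling stays on the backend; the header is only usable when both the proxy and the backend speak the protocol.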

facing an issue with haproxy / nginx

I need to setup a reverse proxy server which would distribute traffic to the backend servers based on the incoming HOST header.
I opted for HAproxy for this but after setting up everything I realized that HAproxy reads the configuration just once when the service starts and continues to use the backend IP address unless it has been reloaded/restarted.
This is an issue for me since in my case if the backend server reboots it will have a different IP address and I don't have control over which IP address it gets.
I am thinking of moving to nginx server but before I go through all the setup I would like to know if we have the same issue with Nginx or not?
Meaning: If in the configuration file I have specified the name of the backend server and the related IP address changes, will Nginx refresh its DNS cache to identify the new IP address?
(When the backend server changes IP, it is automatically updated in the hosts file of proxy server)
Yes, nginx will do the job. See 'resolve' option here:
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#server

Sending http request behind nginx

I am not sure how to formulate my question but here we go:
I have 2 servers, one is the nginx reverse proxy and one is the app server.
In my app server, I am developing a simple http client using jerseyclient that will send a request to another server. I can do this now but the traffic goes from the app server and directly to the destination. Is it possible to do it from the app server, passing through the reverse proxy server and going to the destination?
And, is this design ok or is it an abomination?
nginx reverse proxy works only for requests outside your network.
To configure your system to work as you described, you have to configure firewall NAT or a caching HTTP proxy like squid etc.
If you have no reasons why your servers should look like a single computer, your configuration is OK.

Forwarding based on Host Headers

I am trying to get around ISP limitations of 1 IP address. Here is what I am trying to do. I have two web servers running internally on my network. One is my main IIS box that runs 4 or 5 sites and I just added a windows home server. I have created a dns entry for it called home.mydomain.com and the other server responds to www.mydomain.com.
My router is set to forward 80 to www.mydomain.com's server (192.168.1.3) so when requests come in for home.mydomain.com the request fails since www server is not set up to listen to that host header.
I would like to know if there is a way with IIS 7 to 'proxy' requests to home.mydomain.com (192.168.1.4). I had tried setting up HttpRedirect in IIS but that does not work as I would have hoped since it sends back a 302 to the client with a name that points back to the main IP address and then a vicious redirect loop happens.
I am told in apache this can be done by having one server proxy for the other. Can this be done in IIS 7? If not does anyone know of a webserver proxy type of software I can use?
Thanks in advance,
Rich
What you are looking for is a "reverse proxy". In Apache you can do this via mod_proxy. In IIS, you'll want to try the Application Request Routing package.
URL Rewrite for IIS can also be used to do reverse proxying.
Yet another reverse proxy package is Managed Fusion URL Rewriter and Reverse Proxy
