How to Pass Clients/Visitors IP Through Varnish to Nginx

Varnish is a great open source software known as a HTTP reverse proxy is typically run in front of web servers such as Apache or Nginx. In this case we will discuss Varnish and Nginx . The aim of Varnish is to stores the Varnish cache and remember what web server response to the user at the time of the first content access. Then return the cached copy for subsequent requests from end users without asking Nginx web server again. Therefore, Nginx access logs will display the local IP proxy (usually 127.0.0.1 if installed on the same server) instead of user’s IP as per below Nginx access logs.

127.0.0.1 - - [16/Feb/2015:01:03:09 +0800] "GET /red-hat-details-next-linux-and-storage-platforms-for-cloud-big-data-era/?share=google-plus-1 HTTP/1.1" 302 5 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"
127.0.0.1 - - [16/Feb/2015:01:03:15 +0800] "GET /how-to-install-and-configure-epel-repository-on-centos-5-8/ HTTP/1.1" 200 15212 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
127.0.0.1 - - [16/Feb/2015:01:03:22 +0800] "POST /ngx_pagespeed_beacon?url=http%3A%2F%2Fwww.ehowstuff.com%2Fhow-to-install-telnet-client-on-centos-6-3%2F HTTP/1.1" 404 564 "https://webhostinggeeks.com/howto/how-to-install-telnet-client-on-centos-6-3/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
127.0.0.1 - - [16/Feb/2015:01:03:23 +0800] "GET /how-to-setup-squid-proxy-server-on-linux-centos-6-3/ HTTP/1.1" 200 16246 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"

Varnish

This will be a problem for a software like awstats or log analysis software due to incomplete information of the visitors. This article will teach you how to relay your blog visitor IP address through Varnish, to Nginx logs. The steps has been tested on CentOS 6.6 and CentOS 7. But before we start please make sure that http_realip_module has been enabled. This module allows to change the client’s IP address to value from request header (e. g. X-Real-IP or X-Forwarded-For). This module isn’t built by default, enable it with the configure option

--with-http_realip_module

Steps 1

See also  How to Add User into Group in Linux

Include “X-Forwareded-For” in the sub vcl_recv default.vcl :

[root@centos66 ~]# vi /etc/varnish/default.vcl
sub vcl_recv {
        # IP forwarding
        if (req.restarts == 0) {
                if (req.http.x-forwarded-for) {
                set req.http.X-Forwarded-For =
                        req.http.X-Forwarded-For + ", " + client.ip;
                } else {
                set req.http.X-Forwarded-For = client.ip;
                }
        }
..
..

Steps 2

Add the following in nginx.conf :

[root@centos66 ~]# vi /etc/nginx/nginx.conf
http {
..
..
    set_real_ip_from   127.0.0.1;
    real_ip_header      X-Forwarded-For;

..
..
}

Steps 3
Restart Nginx web server and Varnish :

[root@centos66 ~]# service nginx restart
[root@centos66 ~]# service varnish restart

Steps 4

Check and monitor the nginx access log again. It should returned the actual visitor IP as below :

157.55.39.102 - - [16/Feb/2015:01:06:04 +0800] "GET /how-to-download-centos-6-2-iso/ HTTP/1.1" 200 14622 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
68.180.228.247 - - [16/Feb/2015:01:06:16 +0800] "GET /tag/centos-6-2/page/4/ HTTP/1.1" 200 14474 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"
220.181.108.178 - - [16/Feb/2015:01:06:25 +0800] "GET /howto-guides/howto-centos/ HTTP/1.1" 200 13863 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
66.249.79.116 - - [16/Feb/2015:01:06:33 +0800] "GET /how-to-enable-root-login-on-ubuntu-14-04/ HTTP/1.1" 200 15547 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

How to Reset the Directory Manager Password on RHEL 7 / CentOS 7
How to Reset the Directory Manager Password on RHEL 7 / CentOS 7

It is best practice to remember passwords, but because too many passwords, sometimes we forget. We are not encouraged to write the password on any paper or share the password...

How to Find Big Files Size on Linux RHEL/CentOS
How to Find Big Files Size on Linux RHEL/CentOS

As the linux administrator, sometimes we have to identify which files are most take much space in the linux server resulting in low free space. Low disk space can also...

Why Linux users should worry about malware and what they can do about it
Why Linux users should worry about malware and what they can do about it

Don’t drop your guard just because you’re running Linux. Preventing the spread of malware and/or dealing with the consequences of infection are a fact of life when using computers. If...

How to Reset Forgotten Root Password on Linux RHEL 7 / CentOS 7
How to Reset Forgotten Root Password on Linux RHEL 7 / CentOS 7

This short howto will explain the steps to reset a lost root password or to reset a forgotten root password on Linux RHEL 7 or CentOS 7. Basically, we will...

How to Update CentOS or Upgrade CentOS to the Latest Version
How to Update CentOS or Upgrade CentOS to the Latest Version

Recently, the latest version of CentOS 7.3 was released. All users of CentOS 7.0, 7.1 and 7.2 can upgrade their system to the most recent. This quick guide will explain...

How to Change your WordPress Username, Nickname and Display Name in MySQL
How to Change your WordPress Username, Nickname and Display Name in MySQL

After you create an account log in WordPress, you may want to change your WordPress username, as appropriate or due to security reason. However, you can not do this from...

How to Enable SSH Root Login on Ubuntu 16.04
How to Enable SSH Root Login on Ubuntu 16.04

As what we wrote in the previous article on how to allow SSH root on Ubuntu 14.04, after installing a fresh new copy of Ubuntu 16.04 LTS, we find that...

How to Change UUID of Linux Partition on CentOS 7
How to Change UUID of Linux Partition on CentOS 7

UUID (Universally Unique IDentifier) should be unique and it is used to identify storage devices on a linux system. If you cloned a virtual machine from vCenter, the metadata containing...

Leave a Reply

Your email address will not be published. Required fields are marked *