.htaccess - Nginx as a reverse proxy for Apache
AnsweredConfiguring a cPanel/WHM server running AlmaLinux 9 with Nginx as a reverse proxy for Apache. The goal is to enable .htaccess
rules for user websites (e.g., blocking access to /wp-admin
and /wp-login.php
for specific IPs). Despite setting up mod_remoteip
, Apache logs still show 127.0.0.1
as the client IP instead of the real client IP.
Was following this guide:
https://support.cpanel.net/hc/en-us/articles/360051107513-How-to-restore-visitors-IP-with-mod-remoteip
What I did:
-
Enabled
mod_remoteip
in Apache:- Verified
mod_remoteip
is installed and enabled via EasyApache 4. - Configured
/etc/apache2/conf.modules.d/370_mod_remoteip.conf
:apache:LoadModule remoteip_module modules/mod_remoteip.so RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy 127.0.0.1 RemoteIPTrustedProxy my_server_IPv4
RemoteIPTrustedProxy my_server_IPv6 - Restarted Apache.
- Verified
-
Updated Apache LogFormat:
- Adjusted log formats in WHM to include
%a
for real client IPs:LogFormat (combined):
%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
LogFormat (common):
%a %l %u %t \"%r\" %>s %b
- Adjusted log formats in WHM to include
-
Debugging:
- Enabled
LogLevel remoteip:debug
in Apache to monitormod_remoteip
behavior. - Verified Apache logs still show
127.0.0.1
in/usr/local/apache/logs/access_log
.
- Enabled
I can't solve this one, please help!
Thanks
-
Hey there! In theory, you shouldn't have to do much to get this working. Could you create a ticket on this one so we can examine the server directly?
1 -
Hm... Rex, I had to open Customer service request, not a Techical one, as it keeps spining suggested answers. Unable to open ticket from WHM, as I'm on Hetzner, not directly purchased from you.
Here, the ID: #95433562
Thanks0 -
Thanks for that. In general, you should be opening tickets with the license provider as they are your first point of contact for technical support issues, but I do see our team is checking this now.
1 -
Hey Rex, SOLVED.
Your buddy Aaron nailed. It looks like I was missing this:RemoteIPInternalProxy 127.0.0.1
0 -
Nice - I'm glad we were able to help!
0
Please sign in to leave a comment.
Comments
5 comments