• 0

Get Real IP with Haproxy Tomcat Jira Confluence using x-forwarded-for

Get Real IP with Haproxy Tomcat Jira Confluence using x-forwarded-for

get-real-ip-with-haproxy-tomcat-jira-confluence-using-x-forwarded-for

The Apache Software Foundation – https://svn.apache.org/viewvc/jakarta/site/xdocs/images/logos/tomcat.eps

Everyone knows the Problem. Get Real IP with Haproxy Tomcat Jira Confluence using x-forwarded-for behind Reverse Proxy somethimes is a pain. In my case, running Haproxy in Transparent mode wasnt a good solution for me,
since my setup of Jira and Confluence running on same machine an they both talk to each other via Oauth using their offloaded SSL URL.
So if you want to use Haproxy as Loadbalancer in front, i will show you in few short steps how to Get Real IP with Haproxy Tomcat Jira Confluence working.

Prerequisites:

  • A working Haproxy 1.5+ Installation.
  • A functional Jira/Confluence instance.
  • Texteditor (vi, joe, nano) of your choice.

The Haproxy part
First of all, we make sure that Haproxy forwards the x-forwarded-for header correctly by checking our haproxy.cfg
and append our frontend by following Options:

option http-server-close #this is mandatory for real ip to update correctly
option: forwardfor #this is forwarding X-Forwarded-for header to backend

Now to the Tomcat part

For Tomcat Servers there is a Real IP Module equivalent to Apache’s/nginx: mod_realip/realip called: RemoteIpValve which we will use.

in both of your Jira/Confluence Root directories (jira/conf/ confluence/conf/) you will find a tomcat server.xml config.

Open it in your favored editor and go to following position:

<Engine name="Catalina" defaultHost="localhost">

And add following snippet after that entry and dont forget to replace the internalProxies so it fits your setup:

            <!-- Remote IP Valve -->
            <Valve className="org.apache.catalina.valves.RemoteIpValve"
                   internalProxies="10.1.10.10|10.1.10.11"
                   remoteIpHeader="x-forwarded-for"
                   remoteIpProxiesHeader="x-forwarded-by"
                   protocolHeader="x-forwarded-proto"/>

Now to get access logs write the correct IP also, we need to finish one more step.

We move on to the lower end of the Config were it says:
<Valve className="org.apache.catalina.valves.AccessLogValve" resolveHosts="false"
And make sure to replace %a with %{org.apache.catalina.AccessLog.RemoteAddr}r to get the correct Real IP logged.

Finally restart your Tomcat Server.

Thats it!

Rating: 5.0/5. From 2 votes.
Please wait...
Jules

Jules

Jules is the owner and author of ISPIRE.ME. He's a Linux System Engineer, Tech fanatic and an Open Source fan.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.