Get Real IP with Haproxy Tomcat Jira Confluence using x-forwarded-for


Everyone knows the problem: getting the real client IP with HAProxy, Tomcat, Jira and Confluence using X-Forwarded-For behind a reverse proxy is sometimes a pain. In my case, running HAProxy in transparent mode wasn't a good solution for me,
since in my setup Jira and Confluence run on the same machine and they both talk to each other via OAuth using their SSL-offloaded URLs.
So if you want to use HAProxy as a load balancer in front, I will show you in a few short steps how to get the real IP working with HAProxy, Tomcat, Jira and Confluence.

Prerequisites:

  • A working HAProxy 1.5+ installation.
  • A functional Jira/Confluence instance.
  • A text editor (vi, joe, nano) of your choice.

The HAProxy part
First of all, we make sure that HAProxy forwards the X-Forwarded-For header correctly by checking our haproxy.cfg
and adding the following options to our frontend:

option http-server-close #this is mandatory for real ip to update correctly
option forwardfor #this is forwarding X-Forwarded-for header to backend

Now to the Tomcat part

For Tomcat servers there is a real-IP module, equivalent to Apache's/nginx's mod_realip/realip, called RemoteIpValve, which we will use.

In both of your Jira/Confluence root directories (jira/conf/, confluence/conf/) you will find a Tomcat server.xml config.

Open it in your favorite editor and go to the following position:

<Engine name="Catalina" defaultHost="localhost">

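Add the following snippet after that entry, and don't forget to replace internalProxies so it fits your setup. The value is a regular expression matched against the proxy's address, so the dots are escaped, and it should list only your own proxies, because X-Forwarded-For is trusted only when the request arrives from one of them:

            <!-- Remote IP Valve -->
            <Valve className="org.apache.catalina.valves.RemoteIpValve"
                   internalProxies="10\.1\.10\.10|10\.1\.10\.11"
                   remoteIpHeader="x-forwarded-for"
                   remoteIpProxiesHeader="x-forwarded-by"
                   protocolHeader="x-forwarded-proto"/>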
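
Why internalProxies has to match only your own proxies, as an added example (not code from the original post or from Tomcat): a simplified Python model of the right-to-left X-Forwarded-For resolution that the Tomcat documentation describes for RemoteIpValve, run on constructed requests. The function name and the sample addresses are assumptions, and trustedProxies is left out because the post does not set it.

```python
import re

# internalProxies value from the post, with the dots escaped.
INTERNAL_PROXIES = r"10\.1\.10\.10|10\.1\.10\.11"


def resolve_remote_ip(peer_addr, xff_header, internal_proxies=INTERNAL_PROXIES):
    """Return the address the application and access log would see (model)."""
    internal = re.compile(internal_proxies)
    # The header is honoured only when the TCP peer is one of our proxies.
    # fullmatch mirrors Java's Matcher.matches(), which must cover the whole string.
    if not xff_header or not internal.fullmatch(peer_addr):
        return peer_addr
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Walk from the entry nearest to us toward the client; the first entry
    # that is not one of our proxies is taken as the client address.
    for hop in reversed(hops):
        if not internal.fullmatch(hop):
            return hop
    # Every entry was an internal proxy: this model falls back to the leftmost.
    return hops[0] if hops else peer_addr


def constructed_cases():
    """Constructed requests (documentation address ranges), not captured traffic."""
    return {
        # Normal request through HAProxy with "option forwardfor".
        "via_proxy": resolve_remote_ip("10.1.10.10", "203.0.113.7"),
        # Client sent its own header; HAProxy appended the real address last.
        "forged_entry": resolve_remote_ip("10.1.10.11", "1.2.3.4, 203.0.113.7"),
        # Request reached Tomcat directly, peer is not a listed proxy.
        "direct_peer": resolve_remote_ip("198.51.100.9", "192.0.2.1"),
        # Misconfiguration: pattern matches any peer, so the header is believed.
        "too_broad": resolve_remote_ip("198.51.100.9", "192.0.2.1", r".*\..*") ,
    }


if __name__ == "__main__":
    for name, addr in constructed_cases().items():
        print(f"{name:13s} -> {addr}")
```

With the pattern restricted to the two proxies, a forged entry or a direct connection never changes the logged address; the overly broad pattern is the case to check for when reviewing server.xml.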

To make the access logs record the correct IP as well, we need one more step.

We move on to the lower end of the config where it says:
<Valve className="org.apache.catalina.valves.AccessLogValve" resolveHosts="false"
And make sure to replace %a with %{org.apache.catalina.AccessLog.RemoteAddr}r to get the correct real IP logged.

Finally, restart your Tomcat server.

That's it!

Jules

Jules is the owner and author of ISPIRE.ME. He's a Linux System Engineer, Tech fanatic and an Open Source fan.
