LAMP Server log files behind reverse proxy

With JCCHOME Linux, installing a full LAMP server is pretty easy. At a bash prompt, just type sudo jcchome-menu and choose option 4. It will ask if you want to install the database server and which version of PHP you would like.

Once this is done, the default server file is index.html and it’s in the /var/www/html directory.

This is great, and you’re ready to start serving a website from this directory, such as WordPress or Nextcloud. But what if you’re behind a reverse proxy?

First, a reverse proxy is a web server that sits between the user and another web server: it relays the user's requests to that server and serves the content back.

[Figure: An illustration of a simple network using a reverse proxy]

So we have this working: if we point our browser to nextcloud.domain.ltd from outside this network, we get our Nextcloud site. There are plenty of resources on how to configure reverse proxies out there, and I’ll assume you’ve gotten this far on your own.

So let’s have a look in our log files, shall we?

They look something like this:

172.16.1.40 - - Mozilla Browser - nextcloud.domain.ltd

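Huh? Why don’t we see the real IP address of the user? Because Apache logs the address of the machine that connected to it, and that is the reverse proxy. The proxy passes the user's address along in the X-Forwarded-For header, so that is what we need to use.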

It’s really quite simple.

You can customize the log format. But first let’s enable an apache2 module to make this possible.

At the bash prompt, type:

sudo a2enmod remoteip

Use sudo if you’re not root

Now edit the /etc/apache2/apache2.conf file and go about 3/4 of the way down. You’ll see something like this:

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

The trick here is to replace %h with %a, so that it now looks like this:

LogFormat "%v:%p %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

Now just test the config and restart apache2:

sudo apache2ctl configtest
sudo systemctl restart apache2

Use sudo if you’re not root

Please note that this doesn’t always work. This can be because of configuration issues or bugs in apache2. If this happens, don’t worry. Just replace %a or %h with:

%{X-Forwarded-For}i

Then restart apache2 and you’ll start seeing the remote IP in your logs.

Now your logs will show the public IP of anyone who uses your website. This is a necessity for security. The default log location is: /var/log/apache2/. Go see what you have now!

NOTE: The reason the Apache folks want you to use the remoteip module instead of X-Forwarded-For is that some forwarders may attach other headers, such as X-Real-IP for example. However, in my own personal experience, hard coding the X-Forwarded-For header works most of the time.
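
Added example, not part of the original post and not Apache's code: the right-to-left walk over X-Forwarded-For that mod_remoteip applies when only known proxies are trusted, which is why a raw %{X-Forwarded-For}i log field can contain values the client supplied itself. It assumes the proxy is the 172.16.1.40 host from the log line above; the sample requests and the function names are constructed for illustration.

```python
import ipaddress

# Assumption: the reverse proxy is the 172.16.1.40 host from the log line above.
# In mod_remoteip this list corresponds to RemoteIPInternalProxy, used together
# with "RemoteIPHeader X-Forwarded-For".
TRUSTED_PROXIES = [ipaddress.ip_network("172.16.1.40/32")]


def is_trusted(addr):
    """True if addr parses as an IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def resolve_client_ip(peer_addr, xff_header):
    """Return the address to log, given the TCP peer (%h) and the raw header."""
    client = peer_addr
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    # Walk right to left: each entry was appended by the hop after it, so it
    # is only believable while the hop that reported it is a trusted proxy.
    # Anything further left was written by someone we do not trust.
    while hops and is_trusted(client):
        candidate = hops.pop()
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            break  # garbage in the header: keep the last verified address
        client = candidate
    return client


# Constructed sample requests: (TCP peer, X-Forwarded-For as received).
SAMPLES = [
    ("172.16.1.40", "203.0.113.7"),              # normal request via the proxy
    ("172.16.1.40", "10.9.9.9, 198.51.100.23"),  # client sent its own header first
    ("192.0.2.66", "127.0.0.1"),                 # request that bypassed the proxy
    ("172.16.1.40", None),                       # proxy did not add the header
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"raw XFF={xff!r:30} peer={peer:15} -> log {resolve_client_ip(peer, xff)}")
```

In the second and third samples the raw header would put 10.9.9.9 or 127.0.0.1 in the log, while the trusted-proxy walk records the address the proxy (or Apache itself) actually saw.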