Varnish IP forwarding to apache and nginx


When you install varnish-cache on your server, you will notice that the IP your backend receives is always your localhost (IPv4 127.0.0.1, IPv6 ::1).

That’s a problem for different cases:

  1. The log doesn’t contain IP information (e.g. if you use an analytic tool like webalizer that scans the log for unique users)
  2. Local statistic tools (like piwik) gets confused
  3. You can’t use the PHP variable $_SERVER[‚REMOTE_ADDR‘] because it always returns 127.0.0.1

To fix this here’s the solution for apache and nginx webservers:

Apache:

There is a mod for Apache that rewrites the header information: mod_rpaf
If you use Debian you can install it via

apt-get install libapache2-mod-rpaf

There is no more work, just active mod and reload apache (if it isn’t done by your packetmanager)

nginx

To get the right IP in nginx add the following lines to the config (e.g. Debian default installation)

http {
  [...]
  #varnish ip passthrough;
  set_real_ip_from 127.0.0.1;
  real_ip_header X-Forwarded-For;
  [...]
}

reload nginx, and you should have the right user ip in nginx.