This modified varnishncsa init script adds support for logging the X-Forwarded-For IP address. The original script is taken from an Ubuntu 14.04.01 machine with Varnish 3.0.5-2.
These are the changes in patch format:
--- /proc/self/fd/11 2014-12-22 17:40:12.102969345 +0100
+++ /proc/self/fd/13 2014-12-22 17:40:12.102969345 +0100
@@ -20,7 +20,8 @@
PIDFILE=/var/run/$NAME/$NAME.pid
LOGFILE=/var/log/varnish/varnishncsa.log
USER=varnishlog
-DAEMON_OPTS="-a -w ${LOGFILE} -D -P ${PIDFILE}"
+LOGFORMAT="%{VCL_Log:RealIP}x %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\""
+DAEMON_OPTS="-a -w ${LOGFILE} -D -P ${PIDFILE} -F"
# Include defaults if available
if [ -f /etc/default/$NAME ] ; then
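Review bot: the new LOGFORMAT line starts with %{VCL_Log:RealIP}x where the NCSA format normally has the connecting address, and with the VCL given for this change that value is the X-Forwarded-For request header as received, so the log no longer records which peer actually connected. Consider keeping %h in the format next to the RealIP field, for example "%h %{VCL_Log:RealIP}x %l %u ...", so both values are available when the header is absent or wrong.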
@@ -41,7 +42,7 @@
log_daemon_msg "Starting $DESC" "$NAME"
create_pid_directory
if start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
- --chuid $USER --exec ${DAEMON} -- ${DAEMON_OPTS} \
+ --chuid $USER --exec ${DAEMON} -- ${DAEMON_OPTS} "${LOGFORMAT}" \
> ${output} 2>&1; then
log_end_msg 0
else
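Review bot: on the --exec line, "${LOGFORMAT}" is only consumed as the format if DAEMON_OPTS still ends in -F at this point, and the script sources /etc/default/$NAME after DAEMON_OPTS is set, so an override there without a trailing -F leaves the format string as a stray positional argument. Suggest dropping -F from DAEMON_OPTS and passing the pair together here as -F "${LOGFORMAT}", which also lets the defaults file override LOGFORMAT on its own.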
To make this work, you need the following in your Varnish configuration (VCL):
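import std;
sub vcl_recv {
    # Placement in vcl_recv is assumed; std.log needs the std vmod imported.
    # Logs the forwarded address when the header is present, else the peer address.
    if (req.http.X-Forwarded-For) {
        std.log("RealIP:" + req.http.X-Forwarded-For);
    } else {
        std.log("RealIP:" + client.ip);
    }
}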
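With this format the first field holds the header value as received, so a log consumer has to expect more than a single address there. The following is an added example, not part of the original post: it parses lines in the LOGFORMAT above and validates the RealIP field. The names `LINE_RE`, `classify` and `SAMPLE` and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Shape of a line written with the LOGFORMAT from the patch:
#   %{VCL_Log:RealIP}x %l %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i"
# RealIP is matched lazily and the pattern is anchored at both ends, so a
# header value containing spaces or ", " stays inside the "realip" group.
LINE_RE = re.compile(
    r'^(?P<realip>.*?) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def classify(line):
    """Return (verdict, hops) for one log line.

    verdict: "single"    one valid IP (client.ip, or a one-address header)
             "chain"     several valid IPs, as supplied in the request header
             "suspect"   RealIP is not a clean comma-separated list of IPs
             "unparsed"  the line does not match the format at all
    """
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return "unparsed", []
    hops = []
    for part in m.group("realip").split(","):
        try:
            hops.append(str(ipaddress.ip_address(part.strip())))
        except ValueError:
            return "suspect", []
    return ("single" if len(hops) == 1 else "chain"), hops

# Constructed sample lines (not taken from a real log).
TAIL = ' - - [22/Dec/2014:17:40:12 +0100] "GET / HTTP/1.1" 200 512 "-" "curl/7.35.0"'
SAMPLE = [
    "203.0.113.7" + TAIL,                # one address
    "198.51.100.4, 203.0.113.7" + TAIL,  # header with two hops
    "2001:db8::1" + TAIL,                # IPv6 address
    "unknown, 203.0.113.7" + TAIL,       # non-IP token in the header
    "10.0.0.1 foo" + TAIL,               # header value with an embedded space
]

if __name__ == "__main__":
    for n, line in enumerate(SAMPLE, 1):
        print(n, *classify(line))
```

Lines reported as "suspect" or "chain" are the ones where the first field should not be read as the client address without further checks.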