Skip to content

Instantly share code, notes, and snippets.

@isapir

isapir/nginx-settings.md

Last active July 18, 2017 16:42
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save isapir/8a70ed85b3a7a6e92908191f938d7a1a to your computer and use it in GitHub Desktop.
Save isapir/8a70ed85b3a7a6e92908191f938d7a1a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
nginx-settings.md

nginx

Reverse Proxy Headers:

proxy_set_header    Host                $host;                        ## CGI.HTTP_HOST
proxy_set_header    X-Original-URI      $request_uri;                 ## CGI.X_Original_URI     - URI before rewriting
proxy_set_header    X-Real-IP           $remote_addr;                 ## CGI.X_REAL_IP          - IP address that connected to nginx
proxy_set_header    X-Request-ID        $request_id;                  ## CGI.X_REQUEST_ID       - unique identifier for the request
proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;   ## CGI.REMOTE_ADDR        - via Tomcat RemoteIpFilter
proxy_set_header    X-Forwarded-Proto   $scheme;                      ## CGI.SERVER_PORT_SECURE - via Tomcat RemoteIpFilter

Log Settings

map $time_iso8601 $date_iso {

  ~^(?P<substr>\d\d\d\d-\d\d-\d\d)    $substr;
}

log_format      standard_log_format '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
log_format      upstream_log_format '$time_iso8601 $status $remote_addr $request $http_referer "$http_user_agent" $upstream_addr $upstream_status $upstream_response_time "$http_x_forwarded_for" $cookie_cfid $request_id';

access_log      /log-directory/$host-access-$date_iso.log upstream_log_format;
Raw
tomcat-settings.md

Tomcat:

web.xml

RemoteIpFilter - Reverse Proxy Headers

<filter>
  <filter-name>RemoteIpFilter</filter-name>
  <filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
  <init-param>
    <param-name>internalProxies</param-name>
    <param-value>127\.0\.0\.1</param-value>
  </init-param>
  <init-param>
    <param-name>remoteIpHeader</param-name>
    <param-value>x-forwarded-for</param-value>
  </init-param>
  <init-param>
    <param-name>remoteIpProxiesHeader</param-name>
    <param-value>x-forwarded-by</param-value>
  </init-param>
  <init-param>
    <param-name>protocolHeader</param-name>
    <param-value>x-forwarded-proto</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>RemoteIpFilter</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
</filter-mapping>

server.xml

Access Log Value

pattern="%{yyyy-MM-dd'T'HH:mm:ssZ}t %s %{X-Real-IP}i %r %{Referer}i &quot;%{User-Agent}i&quot; %I %T %{X-Original-URI}i %{cfid}c %{X-Request-ID}i"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment