Compare commits
13 Commits
1.1.0-3.20
...
1.1.1-3.20
| Author | SHA1 | Date | |
|---|---|---|---|
| 656e219818 | |||
| b54c71b8f0 | |||
| b6b37335c1 | |||
| 3b2610913c | |||
| 3106893f38 | |||
| 2b8bf5e15f | |||
| 88705a21b5 | |||
| 87f556bec3 | |||
| 395a7fe963 | |||
| 5fbc2e3e88 | |||
| 5bbf2fb1d0 | |||
| 54b1322717 | |||
| c6e13a366c |
@@ -2,7 +2,7 @@
|
||||
|
||||
[](https://jenkins.confdroid.com/job/confdroid_apache/)
|
||||
[](https://sonarqube.confdroid.com/dashboard?id=confdroid_apache)
|
||||
[](https://sonarqube.confdroid.com/dashboard?id=confdroid_apache)
|
||||
[](https://deepwiki.com/grizzlycoda/puppet_collection)
|
||||
|
||||
- [README](#readme)
|
||||
- [Synopsis](#synopsis)
|
||||
@@ -45,7 +45,7 @@ Configuration
|
||||
|
||||
Optional
|
||||
|
||||
- manage remoteIP logging if running behind a Loadbalancer like HAproxy: if `ae_use_lb` is set to `true`, a configuration file `etc/httpd/conf.d/loadbalancer-remoteip.conf`is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer. Make sure to set `ae_trusted_proxy`to the proper IP or range for the loadbalancer!
|
||||
- manage remoteIP logging if running behind a Loadbalancer like HAproxy: if `ae_use_lb` is set to `true`, a configuration file `etc/httpd/conf.d/loadbalancer-remoteip.conf`is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer. Make sure to set `ae_trusted_proxy` and `ae_internal_proxy` to the proper IP or range for the loadbalancer!
|
||||
|
||||
Maintenance
|
||||
|
||||
|
||||
@@ -30,9 +30,15 @@
|
||||
# to apply the changes. This is required when using httpd behind a
|
||||
# load balancer like haproxy, otherwise all client ips will be logged
|
||||
# as the load balancer ip.
|
||||
# @param [String] ae_trusted_proxy the IP address of the trusted proxy,
|
||||
# i.e. the load balancer. This is required when `ae_use_lb` is set to
|
||||
# true, and defaults to '10.0.1.0/24'.
|
||||
# @param [Array] ae_trusted_proxy the IP addresses of the trusted proxies,
|
||||
# i.e. the load balancers. This is required when `ae_use_lb` is set to
|
||||
# true, and defaults to ['127.0.0.1','10.0.1.0/24'].
|
||||
# @param [Array] ae_internal_proxy the IP addresses of the internal proxies,
|
||||
# i.e. the internal load balancers. This is required when `ae_use_lb` is set to
|
||||
# true, and defaults to ['127.0.0.1'].
|
||||
# @param [String] ae_remoteip_header the header to use for the remote ip,
|
||||
# typically `X-Forwarded-For`. This is required when `ae_use_lb` is set
|
||||
# to true, and defaults to `X-Forwarded-For`.
|
||||
###########################################################################
|
||||
class confdroid_apache::params (
|
||||
|
||||
@@ -58,7 +64,9 @@ class confdroid_apache::params (
|
||||
|
||||
# loadbalancer
|
||||
Boolean $ae_use_lb = false,
|
||||
String $ae_trusted_proxy = '10.0.1.0/24',
|
||||
Array $ae_trusted_proxy = ['127.0.0.1','10.0.1.0/24'],
|
||||
Array $ae_internal_proxy = ['127.0.0.1','10.0.1.0/24'],
|
||||
String $ae_remoteip_header = 'X-Forwarded-For',
|
||||
|
||||
) {
|
||||
# facts
|
||||
|
||||
@@ -3,10 +3,18 @@
|
||||
########## manual changes will be overwritten !!! ##########
|
||||
###############################################################################
|
||||
|
||||
RemoteIPHeader X-Forwarded-For
|
||||
RemoteIPTrustedProxy <%= @ae_trusted_proxy %>
|
||||
RemoteIPInternalProxy <%= @ae_trusted_proxy %>
|
||||
<IfModule remoteip_module>
|
||||
RemoteIPHeader <%= @ae_remoteip_header -%>
|
||||
<% @ae_trusted_proxy.each do |proxy| %>
|
||||
RemoteIPTrustedProxy <%= proxy -%>
|
||||
<% end -%>
|
||||
<% @ae_internal_proxy.each do |proxy| %>
|
||||
RemoteIPInternalProxy <%= proxy -%>
|
||||
<% end -%>
|
||||
|
||||
|
||||
# Use real client IP in all standard log formats
|
||||
LogFormat "%a %l %u %t \"%r\" %>s %b" common
|
||||
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
|
||||
</IfModule>
|
||||
|
||||
# mod_remoteip rewrites client address for %a; use it in common/combined logs.
|
||||
LogFormat "%a %l %u %t \"%r\" %>s %b" common
|
||||
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
|
||||
|
||||
Reference in New Issue
Block a user