LP#1684970 Translator compatible with mod_remoteip

Teach the OSRF Translator to request the IP address of the user agent
(e.g. web browser) instead of the IP address of the up stream client,
which may be a proxy, using the Apache 2.4 request_rec->useragent_ip
value.

http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html

This make is possible for the translator to access the client IP with
Apache's mod_remoteip enabled and configured.

Includes sample config and install documentation.

Signed-off-by: Bill Erickson <berickxx@gmail.com>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>

diff --git a/README b/README
index 70c5dbe..b00a76b 100644 (file)
--- a/README
+++ b/README
@@ -520,6 +520,23 @@ export OSRF_WEBSOCKET_MAX_REQUEST_WAIT_TIME=600
 /etc/init.d/apache2-websockets start
 ---------------------------------------------------------------------------
 
+Optional: Using a web proxy (Apache 2.4 and above)
+--------------------------------------------------
+When the OpenSRF HTTP Translator runs behind a proxy, Apache must be 
+configured to read the IP address of the originating client instead
+of the proxy IP address.  
+
+1. Enable mod_remoteip
++
+[source,bash]
+---------------------------------------------------------------------------
+sudo a2enmod remoteip
+---------------------------------------------------------------------------
++
+2. Enable remote IP settings by uncommenting and modifying as needed the 
+Apache configuration variables starting with RemoteIP* in the sample Apache
+configuration file opensrf.conf.
+
 Optional: Using NGINX as a proxy
 --------------------------------
 NGINX can be used to proxy HTTP, HTTPS, and WebSockets traffic. Among other

diff --git a/examples/apache2/opensrf.conf b/examples/apache2/opensrf.conf
index 2989dc0..1d5e6bb 100644 (file)
--- a/examples/apache2/opensrf.conf
+++ b/examples/apache2/opensrf.conf
@@ -41,6 +41,16 @@ NameVirtualHost *:80
        # OpenSRF-over-HTTP translator
        # (http://open-ils.org/dokuwiki/doku.php?id=opensrf_over_http)
        # ----------------------------------------------------------------------------------
+
+    # OPTIONAL: Running the translator behind a proxy requires accessing
+    # the client IP address via mod_remoteip (sudo a2enmod remoteip).
+    # Below is a sample configuration for a proxy running on the same
+    # server and passing the client IP address via the X-Real-IP header.
+    #
+    #RemoteIPInternalProxy 127.0.0.1/24
+    #RemoteIPInternalProxy ::1
+    #RemoteIPHeader X-Real-IP
+
        <Location /osrf-http-translator>
                SetHandler osrf_http_translator_module
                allow from all

diff --git a/src/gateway/osrf_http_translator.c b/src/gateway/osrf_http_translator.c
index 789aaae..ec8a685 100644 (file)
--- a/src/gateway/osrf_http_translator.c
+++ b/src/gateway/osrf_http_translator.c
@@ -119,7 +119,7 @@ static osrfHttpTranslator* osrfNewHttpTranslator(request_rec* apreq) {
     trans->connecting = 0;
     trans->disconnecting = 0;
 #ifdef APACHE_MIN_24
-    trans->remoteHost = apreq->connection->client_ip;
+    trans->remoteHost = apreq->useragent_ip;
 #else
     trans->remoteHost = apreq->connection->remote_ip;
 #endif