On Ubuntu 18, I created an LXD (4.0.3) container with ubuntu:20.04 and installed Apache and php-fpm on it.
Apache works well in the container.
But I am facing a problem.
All connections logged by Apache are identified by IP 127.0.0.1.
I wanted to use fail2ban, but in this case it will be impossible to use it.
Question: how do I configure this to keep the peer IP passing through the bridge network?
However I am assuming you are using the proxy device and so the issue is likely that you need to enable the PROXY protocol on your proxy device and then configure Apache to use the external IP info that is passed through.
WOW, FINE…
For others: how to get the peer IP to Apache in an LXD container with proxy.
Assume the container name is ‘store’ and the rule name is ‘store80’.
On the LXC container, add a rule for apache2 port 80:
lxc config device add store store80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80 proxy_protocol=true
or add/change the value in an existing rule:
lxc config device set store store80 proxy_protocol=true
In the container:
ref: apache2 ip behind proxy
Create the file and add configuration like this:
vi /etc/apache2/conf-available/remoteip.conf
# get the client IP addresses sent back by the proxy
RemoteIPHeader X-Forwarded-For
# the remote addresses that are trusted to present a RemoteIPHeader value
RemoteIPTrustedProxy 127.0.0.1 ::1
a2enconf remoteip
a2enmod remoteip
Add the directive to your default virtual host… ref: apache 2 mod_remoteip
Apache doesn't respond without it when remoteip is enabled.
vi /etc/apache2/sites-available/000-default.conf
RemoteIPProxyProtocol On
and finally,
systemctl restart apache2
To confirm it is working:
tail -f /var/log/apache2/access.log
and navigate to your default server page… http://<your host ip>
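
Added example, not part of the original posts and not LXD or Apache code: with proxy_protocol=true the proxy device sends a PROXY protocol header carrying the real peer address ahead of the HTTP request, and RemoteIPProxyProtocol On tells Apache to consume it, so both ends have to agree. The Python sketch below parses that header, assuming the version 1 text form on the wire; the addresses and host name are constructed samples.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest legal v1 header, trailing CRLF included

# Constructed sample: what the web server reads first on a proxied connection.
SAMPLE = (b"PROXY TCP4 203.0.113.7 192.0.2.10 51234 80\r\n"
          b"GET / HTTP/1.1\r\nHost: store.example\r\n\r\n")

def parse_proxy_v1(data: bytes):
    """Split a PROXY protocol v1 header off the front of a TCP stream.

    Returns (client_ip, client_port, remaining_bytes); ip and port are None
    for the UNKNOWN family. Raises ValueError on a missing or bad header.
    """
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("no PROXY v1 header at start of stream")
    fields = data[:end].decode("ascii", "strict").split(" ")
    rest = data[end + 2:]  # the HTTP request proper starts here
    if fields[1] == "UNKNOWN":
        return None, None, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("bad field count or address family")
    version = 4 if fields[1] == "TCP4" else 6
    src = ipaddress.ip_address(fields[2])  # raises ValueError if malformed
    dst = ipaddress.ip_address(fields[3])
    if src.version != version or dst.version != version:
        raise ValueError("address does not match declared family")
    if not all(p.isdigit() and int(p) <= 65535 for p in fields[4:6]):
        raise ValueError("port out of range")
    return str(src), int(fields[4]), rest

if __name__ == "__main__":
    ip, port, rest = parse_proxy_v1(SAMPLE)
    print("peer", ip, port, "then", rest.split(b"\r\n")[0].decode())
    try:
        # A listener expecting the header sees plain HTTP as a protocol error.
        parse_proxy_v1(b"GET / HTTP/1.1\r\n\r\n")
    except ValueError as exc:
        print("plain HTTP rejected:", exc)
```

Because the header is taken at face value, a listener that accepts it should be reachable only from the proxy, as with connect=tcp:127.0.0.1:80 above.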