• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Real IPs with varnish

R

RobertoMa

Basic Pleskian
Server operating system version
Centos 7.9
Plesk version and microupdate number
18.0.58 #2
I've plesk 18.0.58 u2 on my server centos 7.9.
I installed varnish from docker following the instructions on the Plesk website and it works fine.
I just have one problem. the visitors' IPs are not the real ones but those of varnish.
I tried adding in the nginx directives but it doesn't work:

set_real_ip_from 172.17.0.0/24;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

how can I get the real IPs?
 
Try,

Code: 
sub vcl_recv {
    if (req.http.X-Forwarded-For) {
        set req.http.X-Real-IP = req.http.X-Forwarded-For;
    }
    else {
        set req.http.X-Real-IP = client.ip;
    }
}

In your vanish VCL.
 
WebHostingAce said:
In where you do not see the real IP? Please post your Varnish VCL.
Click to expand...
In Apache. As a result, WordPress and PHPbb do not see the real IP of users. Because of this, some features on my site don't work properly.
my configuration Is nginx -> varnish -> apache.

Il mio file default.vcl è:
/* SET THE HOST AND PORT OF WORDPRESS * *********************************************************/ vcl 4.0; import std; backend default { .host = "my server ip"; .port = "7080"; .first_byte_timeout = 60s; .connect_timeout = 300s; } # SET THE ALLOWED IP OF PURGE REQUESTS # ########################################################## acl purge { "localhost"; "127.0.0.1"; "my server ip"; } #THE RECV FUNCTION # ########################################################## sub vcl_recv { # set realIP by trimming CloudFlare IP which will be used for various checks set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", ""); # FORWARD THE IP OF THE REQUEST if (req.restarts == 0) { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } else { set req.http.X-Forwarded-For = client.ip; } } # Purge request check sections for hash_always_miss, purge and ban # BLOCK IF NOT IP is not in purge acl # ########################################################## # Enable smart refreshing using hash_always_miss if (req.http.Cache-Control ~ "no-cache") { if (client.ip ~ purge || std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { set req.hash_always_miss = true; } } if (req.method == "PURGE") { if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { return(synth(405,"Not allowed.")); } return (purge); } if (req.method == "BAN") { # Same ACL check as above: if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { return(synth(403, "Not allowed.")); } ban("req.http.host == " + req.http.host + " && req.url == " + req.url); # Throw a synthetic page so the # request won't go to the backend. return(synth(200, "Ban added")); } # Unset cloudflare cookies # Remove has_js and CloudFlare/Google Analytics __* cookies. set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); # Remove a ";" prefix, if present. set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); # For Testing: If you want to test with Varnish passing (not caching) uncomment # return( pass ); # DO NOT CACHE RSS FEED if (req.url ~ "/feed(/)?") { return ( pass ); } if (req.url ~ "/forum(/)?") { return ( pass ); } if (req.url ~ "/forums(/)?") { return ( pass ); } if (req.url ~ "/login(/)?") { return ( pass ); } if (req.url ~ "/logout(/)?") { return ( pass ); } if (req.url ~ "/contatti(/)?") { return ( pass ); } if (req.url ~ "/lostpassword(/)?") { return ( pass ); } if (req.url ~ "/login-panel(/)?") { return ( pass ); } #Pass wp-cron if (req.url ~ "wp-cron\.php.*") { return ( pass ); } ## Do not cache search results, comment these 3 lines if you do want to cache them if (req.url ~ "/\?s\=") { return ( pass ); } # CLEAN UP THE ENCODING HEADER. # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING # VARNISH WILL CREATE SEPARATE CACHES FOR EACH # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. # ########################################################## if (req.http.Accept-Encoding) { if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { # No point in compressing these unset req.http.Accept-Encoding; } elsif (req.http.Accept-Encoding ~ "gzip") { set req.http.Accept-Encoding = "gzip"; } elsif (req.http.Accept-Encoding ~ "deflate") { set req.http.Accept-Encoding = "deflate"; } else { # unknown algorithm unset req.http.Accept-Encoding; } } # PIPE ALL NON-STANDARD REQUESTS # ########################################################## if (req.method != "GET" && req.method != "HEAD" && req.method != "PUT" && req.method != "POST" && req.method != "TRACE" && req.method != "OPTIONS" && req.method != "DELETE") { return (pipe); } # ONLY CACHE GET AND HEAD REQUESTS # ########################################################## if (req.method != "GET" && req.method != "HEAD") { return (pass); } # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER # COMMENT OR UNCOMMENT BOTH # ########################################################## if ( req.http.cookie ~ "wordpress_logged_in|resetpass" ) { return( pass ); } #fix CloudFlare Mixed Content with Flexible SSL if (req.http.X-Forwarded-Proto) { return(hash); } # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN # THEN UNSET THE COOKIES # ########################################################## if (!(req.url ~ "wp-(login|admin)") && !(req.url ~ "&preview=true" ) ){ unset req.http.cookie; } # IF BASIC AUTH IS ON THEN DO NOT CACHE # ########################################################## if (req.http.Authorization || req.http.Cookie) { return (pass); } # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED # ########################################################## return (hash); # This is for phpmyadmin if (req.http.Host == "pmadomain.com") { return (pass); } } sub vcl_hash { if (req.http.X-Forwarded-Proto) { hash_data(req.http.X-Forwarded-Proto); } } # HIT FUNCTION # ########################################################## sub vcl_hit { return (deliver); } # MISS FUNCTION # ########################################################## sub vcl_miss { return (fetch); } # FETCH FUNCTION # ########################################################## sub vcl_backend_response { # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT # TO DO THIS # ########################################################## set beresp.http.Vary = "Accept-Encoding"; # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF # TIME THIS PAGE WILL STAY CACHED (TTL), add other locations or subdomains you do not want to cache here in case they set cookies # ########################################################## if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ "wordpress_logged_in|resetpass" ) { unset beresp.http.set-cookie; set beresp.ttl = 1w; set beresp.grace =3d; } if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") { set beresp.ttl = 120 s; # set beresp.ttl = 120s; set beresp.uncacheable = true; return (deliver); } return (deliver); } # DELIVER FUNCTION # ########################################################## sub vcl_deliver { # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT # IN THE HEADER (GREAT FOR DEBUGGING) # ########################################################## if (obj.hits > 0) { set resp.http.X-Cache = "HIT"; # IF THIS IS A MISS RETURN THAT IN THE HEADER # ########################################################## } else { set resp.http.X-Cache = "MISS"; } }
 
i fixed.
I actived the module remoteip and I added in Additional Apache Directives for HTTP:

Header append Vary: X-Forwarded-For <IfModule mod_remoteip.c> RemoteIPInternalProxy 172.17.0.0/24 </IfModule>
 
You must log in or register to reply here.

Similar threads

S
Question How can I make my changes to Nginx site config Permanent per site?
Replies
3
Views
615
Raul A.
R
W
  • Locked
Issue Magento 2, Docker and Varnish Working but Purge errors with 501
Replies
1
Views
1K
Peter Debik
P
W
Resolved Magento 2.4.2, Varnish in Docker and Getting 501 PURGE errors in NGINX
Replies
17
Views
4K
Peter Debik
P
B
Question How is the server.conf file generated?
Replies
6
Views
808
Raul A.
R
W
Question Magento 2.4.6 mulitple vhosts on a single server and Varnish in Docker
Replies
1
Views
1K
andyxyz
A
Back
Top