Nginx – Possible to log X-FORWARDED-FOR to nginx error_log

amazon-elblog-filesnginxx-forwarded-for

Nginx allows custom log formats for access logs — right now I'm logging http_x_forwarded_for and it's working fine.

The problem is my error log only shows the LB IP. After Googling and reading through their documentation, it seems error_log doesn't support a custom format, only setting the log level (info, alert, notice, warning, etc).

Is there any kind of workaround or module I could use to get around this?

For completeness, my setup is:

Amazon ELB -> pool of instances running nginx as a reverse proxy to php-fpm 7.0

Best Answer

You should be using the real IP module, so that the client's actual IP address is considered the remote IP address, rather than your load balancer's IP address. This way, you won't have to check X-Forwarded-For in your logs, nor in your application either.

It is simple to enable it, just supply your load balancer IP address(es):

set_real_ip_from  10.0.0.0/8;
set_real_ip_from  172.16.0.0/12;
set_real_ip_from  192.168.0.0/16;
real_ip_header    X-Forwarded-For;

Correct way in new versions of nginx

Turn out my first answer to this question was correct at certain time, but it turned into another pitfall - to stay up to date please check Taxing rewrite pitfalls

I have been corrected by many SE users, so the credit goes to them, but more importantly, here is the correct code:

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}

Nginx clear X-Forwarded-For before setting

Just don't use $proxy_add_x_forwarded_for - the whole purpose that it exists is to do the appending behavior.

Instead:

proxy_set_header X-Forwarded-For $remote_addr;

Best Answer

Related Solutions

NGINX Redirect – How to Rewrite All HTTP Requests to HTTPS While Maintaining Sub-Domain

Correct way in new versions of nginx

Nginx clear X-Forwarded-For before setting

Related Topic