Tested on Debian 7 / NGINX 1.10
When a web server is working behind a proxy, ha-proxy, varnish, or any web server in proxy mode, by default in the log file, you see the IP of proxy server not the real client IP, this can be a trouble for making statistics for example.
Usually you can configure the proxy server for making forwarding of the client IP by X-Forwarded-For header, for example in varnish4 you can do it so:
req.http.X-Forwarded-For = client.ip;
But it’s not enough because is still necessary modify the configuration in the destination web server.
Nginx can be configured to show the client IP but for do it we need to compile from the sources. At this article the workaround is for Debian 7.
First, install the development libraries needed:
~ $ apt-get install libpcre3-dev libgeoip-dev libssl-dev libc6 libpcre3 zlib1g lsb-base
Second, download sources from the official site and unpack files, then run configure with the desirable options, for our case we need with-http_realip_module option:
~ $ ./configure --sbin-path=/usr/local/sbin --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_geoip_module --with-pcre-jit
Make:
~ $ make
And install:
~ $ make install
Finally add next configuration to nginx.conf file inside http block, where x.x.x.x is the proxy server IP:
set_real_ip_from x.x.x.x;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
And restart nginx:
~ $ /etc/init.d/nginx restart