I have nginx and php7.2-fpm installed on single Debian machine. nginx forwards requests to php through linux socks. I use yii2 which has request->trustedHosts setting. I need to add my local nginx there to be able to get x-forward-proto and other secure headers set.
Which address do I need to set up in trustedHosts? Ipv4 and Ipv6 cidr loopbacks do not help.
I just don't understand what network interface nginx uses to proxy request - loopback (127.0.0.1), some internal ip, external (internet) ip? So what is the default outbound ip nginx select to bind (should I use proxy_bind to change it to 127.0.0.1)?
Thanks in advance.
request->trustedHosts setting is checked against ip address provided by $_SERVER["REMOTE_ADDR"]. So check the contents of this variable.
If your machine is behind a proxy, $_SERVER["REMOTE_ADDR"] should contain proxy's ip. Try adding that ip into trustedHosts array.
(if there is no proxy and your machine is directly connected to the internet, it seems that it makes no sense to use trustedHosts. In that case $_SERVER["REMOTE_ADDR"] would contain client's ip, but you should NOT trust any client by adding "0.0.0.0/0" into trustedHosts)
Related
I am using a modified version of the official docker library php:7.0.30-apache image behind a reverse proxy (traefik).
The modifications include an alteration of apache2 default serving port 80 to port 1025. (openshift won't allow root operations like opening ports inside a docker container below 1024)
Now when using redirects inside the container apache2 ignores the HTTP_X_FORWARDED_PORT header and redirects to the correct hostname with port 1025 added.
Example:
The application runs at http://www.app.com (port 80) publicly, internally at http://app.local:1025 and when doing header("Location: web"); it redirects to http://www.app.com:1025/web instead of http://www.app.com/web
I also noticed the following behavior: When using .htaccess files to redirect to https browsers display a "too many redirects error" because both HTTP_X_FORWARDED_PORT and HTTP_X_FORWARDED_PROTO are ignored.
What do I need to do for .htaccess and php header("Location: xyz"); redirects work and respect forwarded headers behind a reverse proxy?
I do understand that this is the correct behavior for the request coming from the reverse proxy to the apache host, I just need to configure apache2 to react to the request that was made to the reverse proxy instead.
I'm trying to create a live web server on my Windows 8.1 computer.
I am connected directly to my modem using ethernet (I do have a wireless router) but I am not connected to it on this computer (desktop).
I have XAMPP working and my website appears at http://localhost/home
However, if I put in my IP from www.whatismyip.com it does not load my web server.
What am I missing?
You need to create a Port Forwarding for Port 80 to your Computers local IP Address. There should be a Admin Panel for your Router (normally the Gateway - check out with Start - Run - cmd -> then insert "ipconfig" and check out the Gateway.
And i guess in XAMPP the Internet Access is blocked. But this is a simple Apache Server, so you need to open your httpd.conf File (Should be: “c:\xampp\apache\conf\extra\httpd-xampp.conf)
Search here for:
There should be a "Deny from all" - add a # in Front to deactivate that rule.
Restart your Xampp and it should work.
Here you find more Information about Port-Forwarding:
https://managewp.com/how-to-access-a-local-website-from-internet-with-port-forwarding
Any maybe you will also need to activate Port 80 on your Firewall (depends on your Configuration)
You need a method of telling request sent to your public ip to be forwarded to the private ip of the web server. Try logging into you device (router etc) and setting this up.
What is the easiest option to redirect a request to a different host/port?
Here is my entire scenario:
I am making a request using php to a certain ip and port. The response includes another url location, but it is badly configured and instead of including ip and port, it simply includes a server name. Now, if I access the entire url location that I have as response with the server name replaced with the proper ip and port it works.
I've tried editing /etc/hosts setting the server name to the ip address, but how do I workaround the port too?
I am using mac osx 10.9.4, and I've tried some things with ipfw and pf, but neither really worked.
Thanks.
I had a similar problem quite recently on Mavericks (10.9). The way I solved it included 2 steps:
hosts file
Simply added a line similar to this:
127.0.0.1 www.someaddress.com
port forwarding
To set up port forwarding I used ipfw, which worked fine, e.g:
ipfw add 100 fwd 127.0.0.1,9001 tcp from any to any 80 in
In the example above port 9001 is forwarded to port 80. Even though ipfw is deprecated it still works.
echo $_SERVER['SERVER_ADDR'] always yields 192.168.1.142, which is the IP address of my server within my home network. I can access the website using my external IP since I've set up the port forward on my router, but $_SERVER['SERVER_ADDR'] will only return the internal IP, no matter what I try.
How can I make $_SERVER['SERVER_ADDR'] return my external IP?
You can use file_get_contents function for this. You just need to find a host which can return your ip address
$externalContent = file_get_contents('http://checkip.dyndns.com/');
preg_match('/Current IP Address: ([\[\]:.[0-9a-fA-F]+)</', $externalContent, $myIp);
echo $myexternalIp = $myIp[1];
Add a second IP to your server (ifconfig eth0:1 192.168.1.143) and use that in your router's port forwarding rules. That way, external accesses will be coming in through that address instead and you can tell the difference between the two.
Background :
My apache webserver runs on two virtual host with two different IP address. I have whitelisted both of these IPs to the remote SMPP server/system. I would be communicating to the remote server from a single machine which has these two IP addresses.
Situation :
I am trying to open a socket connection to a remote SMPP server. But I want to initiate connection to the server from different IP address.
What I tried :
I created two folders mkdir /var/www/html/server{1,2} and added following lines to my http.conf
Listen 1.1.1.1:80
Listen 2.2.2.2:80
<VirtualHost 1.1.1.1:80>
DocumentRoot /var/www/html/server1
</VirtualHost>
<VirtualHost 2.2.2.2:80>
DocumentRoot /var/www/html/server2
</VirtualHost>
and in each folder I write the same php file which opens a socket connection and does whatever it is supposed to do. I will be moving the server2 and the second IP on a new machine. But before doing that, I just want to know for sure that the second IP is actually whitelisted and I will be able to communicate via that IP.
Question :
When you fsockopen inside PHP , what IP address is sent to the remote server? will it be same as $_SERVER['SERVER_ADDR'] or something else ?
Note on IPs :
I saw couple of answers mentioning actual IP address of my machine. Assume that I have two eth cards, providing me with two, i.e., eth0 and eth1 interfaces with 1.1.1.1 and 2.2.2.2 IP addresses. Both are linked to external world and I can call my machine by any of the address. So if your answer is something along the lines of actual-public-linked-up-ip-address-of-your-server please tell me which one 1.1.1.1 or 2.2.2.2 ? How do you decide which one is actual and which one is virtual ?
It will be actual public IP of your server.
Let's assume you have 3 IP's on the server:
1.1.1.1 - main IP (link IP)
2.2.2.2, 3.3.3.3 - on some other network interfaces
All requests will go to other servers from the main IP.
There is another case where 1.1.1.1, 2.2.2.2 and 3.3.3.3 are link interfaces. In this case you may need to contact your network administrator and check how those interfaces are configured and what is the main connection IP.
For example I have 2 interfaces: eth0 and eth1 bridged and the public IP is associated with the bridge.