Home / user-3966

Annika Backstrom's questions

Martin Hope
Annika Backstrom
Asked: 2016-01-27 09:09:59 +0800 CST
  • 1

tl;dr Can I ensure the PPTP ppp0 interface is always available, so that nginx and other services can bind to its IP address?

I have an nginx server on Ubuntu 12.04 hosting a handful of public sites. This box also acts as a PPTP VPN, with the following config:

localip 10.76.44.1
remoteip 10.76.44.100-110

I'm installing a new service, proxied behind nginx, and I wanted to limit access to clients on the VPN. I thought I could just tell the server to listen on the localip port:

server {
    listen 10.76.44.1:80;
    ...
}

This worked fine when I initially tested it, but when I restarted the nginx service outside an active PPTP connection, the ppp0 interface was not available and nginx could not bind to the IP address:

nginx: [emerg] bind() to 10.76.44.1:80 failed (99: Cannot assign requested address)
nginx: configuration file /etc/nginx/nginx.conf test failed

In this specific case, I can use the nginx deny directive to limit access the way I want, but that may not be the case for other services I install. Is there a way I can initiate this ppp0 interface at boot so it's available to nginx? Do I need another workaround like binding to an internal-only IP, and adding a forwarding rule for VPN clients?

nginx
Martin Hope
Annika Backstrom
Asked: 2009-06-10 02:44:59 +0800 CST
  • 3

I am currently running Varnish as a reverse proxy in front of our development website, testing before deployment into production. One of the things I've had to come to grips with is logging: in a direct access world, Apache logs the client IP address to access_log and error_log. This is slightly less useful when every client connection is from our Varnish box.

I've done some customization with SetEnvIf and LogFormat, and now our access_log intelligently logs the appropriate IP from REMOTE_HOST or X-Forwarded-For, depending on the source of the incoming connection. This doesn't do anything for error_log though. As far as I can tell, I can't override the client IP in this log.

So, what are your solutions for logging in a reverse proxy world? Should I pretty much write off the standard Apache logging and focus my efforts somewhere else, ie. in code? I am interested in both usage statistics and security auditing here.

logging apache-2.2 varnish reverse-proxy