Project

General

Profile

[Solved] How to have mod_maxminddb / accesslog with unix sockets?

Added by juangacovas 11 months ago

Lighttpd 1.4.70

I configured mod_maxminddb and correctly get GEOIP_COUNTRY_CODE if I use a networked "server.bind", but not if I bind lighttpd to unix socket.

From lighttpd.conf:

server.bind = "/path/to/lighttpd.sock" 
server.socket-perms = "0775" 

I have lighttpd behind HAProxy and before asking I tested I'm getting the correct IP through mod_extforward when bind is NOT an unix socket.
I can find the real IP in logs through the default accesslog.format config:

accesslog.format = "%h %l %u %t \"%r\" %b %>s \"%{User-Agent}i\" \"%{Referer}i\""

I got the correct IP:
109.232.x.x - - [14/May/2023:08:47:45 +0200] "GET / HTTP/2.0" 89891 200 ...

...but once you bind to unix socket, logs result in the socket path:
/path/to/lighttpd.sock - - [14/May/2023:08:50:58 +0200] " GET / HTTP/2.0" 89891 200 ...

Which I suspect is the reason mod_maxminddb isn't working either (getting a blank env var for GEOIP_CITY_NAME) from the dynamic backend

What I do to have real IPs at logs when binding to unix socket is force the accesslog.format to:

accesslog.format="%{X-Forwarded-For}i %l %u %t \"%r\" %b %>s \"%{User-Agent}i\" \"%{Referer}i\""

That works, but seems obvious that mod_maxminddb is not getting the correct address.

I tried having this order in modules.conf:

   "mod_extforward",
   "mod_maxminddb",

So is there a way to make mod_maxminddb to work with unix sockets / mod_extforward? Thank you.


Replies (3)

RE: How to have mod_maxminddb / accesslog with unix sockets? - Added by gstrauss 11 months ago

I have lighttpd behind HAProxy and before asking I tested I'm getting the correct IP through mod_extforward when bind is NOT an unix socket.

Please share your mod_extforward config. See an example with unix domain sockets in #3198

RE: How to have mod_maxminddb / accesslog with unix sockets? - Added by juangacovas 11 months ago

Thanks a lot, that worked. Didn't know about that feature request being closed.

Now my extforward config is:

extforward.headers = ("X-Forwarded-For")
extforward.forwarder = (
                        "127.0.0.1" => "trust", 
                        "/path/to/lighttpd.sock" => "trust" 
                       )

And indeed I'm getting the real IP with
accesslog.format = "%h %l %u %t \"%r\" %b %>s \"%{User-Agent}i\" \"%{Referer}i\""

RE: How to have mod_maxminddb / accesslog with unix sockets? - Added by juangacovas 11 months ago

Sorry, I also confirm that now I'm properly getting GEOIP_COUNTRY_CODE from mod_maxminddb too.

    (1-3/3)