I have a Rails app running under nginx 1.2.8 behind a NodeBalancer.

I have the HttpRealIpModule installed and configured with:

set_real_ip_from 192.168.255.7; <-- internal IP address of NodeBalancer
real_ip_header X-Forwarded-For;

But all requests are still being logged as coming from

192.168.255.7

in both Rails and nginx logs.

According to the NodeBalancer docs at

http://library.linode.com/nodebalancers ... for-header

this is all I need to do. Am I missing something else?

Thanks.

Are you using https (i.e. tcp balancing) if so you can't get the real IP.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

Yes, I am using HTTPS and hence am using TCP balancing.

I thought that since nginx is doing the SSL termination I would have full visibility into the request & packet (?)

Nope the tcp connection hits the node balancer which then forwards it to your nodes so you'll always see the node balancer IP.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

nginx is terminating things, which means you've got an encrypted pipe between you and the user's web browser, and the NodeBlancer can't add the x-forwarded-for header (because it can't modify the encrypted data).

There are other ways you can get the customer's IP if required. If your app uses some sort of session mechanism, start the session on an unencrypted page, store the real IP, then redirect the user to an encrypted page. Or you could use an unencrypted landing page and redirect the user with the real IP as a GET or POST parameter or something.