Comment 10 for bug 1875299

Christian Ehrhardt  (paelzer) wrote :

Hi Marcus,
I was following your howto step by step and wanted to thank you already for providing that much detail.
I was trying to simplify it further to not reach out to extra files, adding the apt install steps and everything else.

$ apt install apache2 libapache2-mod-php

define /etc/apache2/sites-enabled/000-default.conf as:
<VirtualHost *:8080>
        DocumentRoot /var/www/html

        <IfModule mod_remoteip.c>
                RemoteIPInternalProxy 127.0.0.1
                RemoteIPHeader X-Forwarded-For
        </IfModule>

        <Directory /var/www/html>
                RewriteEngine On
                RewriteRule .* index.php [L,QSA]
        </Directory>
</VirtualHost>

In file /etc/apache2/ports.conf change
Listen 80
to
Listen 8080

$ sudo a2enmod rewrite
$ a2enmod php7.0
$ systemctl restart apache2

$ apt install nginx

define file /etc/nginx/sites-enabled/default as:
server {
        listen 80 default_server;
        root /var/www/html;
        server_name _;

        location / {
                proxy_pass http://127.0.0.1:8080;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

$ systemctl restart nginx

define file /var/www/html/index.php as:
<?php
echo $_SERVER['REMOTE_ADDR'] . "\n";
?>

$ curl http://localhost/index.php
127.0.0.1
$ curl http://localhost/seo-friendly-url
127.0.0.1
$ curl http://localhost/seo-friendly-url -H "X-Forwarded-For: 1.1.1.1"
127.0.0.1

It doesn't seem to matter if I do the curl from localhost, or the same curl from another system onto this `curl 10.253.194.202/foo -H "X-Forwarded-For: 1.1.1.1"`. In my case I never got the original client IP, nor the faked IP - I always got the one of the nginx server.

Do you spot a difference between my approach above and your setup that would explain this?
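
For reading the curl results above: a simplified model of the right-to-left X-Forwarded-For processing that the mod_remoteip documentation describes for trusted proxies, combined with what nginx's `$proxy_add_x_forwarded_for` sends upstream. This is an added example, not part of the original comment and not Apache's or nginx's code; the function names and the remote client address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress


def nginx_forwarded_for(incoming_xff, client_addr):
    """Value of $proxy_add_x_forwarded_for: the incoming header plus the client address."""
    return f"{incoming_xff}, {client_addr}" if incoming_xff else client_addr


def resolve_client_ip(peer, xff_header, trusted_proxies):
    """Return (client_ip, remaining_header) after right-to-left processing.

    peer            -- address of the TCP connection (what REMOTE_ADDR starts as)
    xff_header      -- raw X-Forwarded-For value as received, or None
    trusted_proxies -- addresses/networks allowed to present a preceding address
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    client = ipaddress.ip_address(peer)
    # Consume header entries from the right only while the current address is trusted.
    while hops and any(client in net for net in trusted):
        try:
            candidate = ipaddress.ip_address(hops[-1])
        except ValueError:
            break  # unparsable entry: keep the last confirmed address
        hops.pop()
        client = candidate
    return str(client), ", ".join(hops)


if __name__ == "__main__":
    trusted = ["127.0.0.1"]  # RemoteIPInternalProxy 127.0.0.1 from the vhost above
    # (client-supplied header, address nginx sees); 192.0.2.10 is a constructed client.
    cases = [
        (None, "127.0.0.1"),
        ("1.1.1.1", "127.0.0.1"),
        ("1.1.1.1", "192.0.2.10"),
    ]
    for sent, client in cases:
        header = nginx_forwarded_for(sent, client)
        # Apache's connection peer is always nginx on 127.0.0.1 in this setup.
        print(repr(header), "->", resolve_client_ip("127.0.0.1", header, trusted))
```

In this model a client-supplied entry is accepted only when every address to its right is a trusted proxy, so the result depends on where the request originates. The peer address returned unchanged for every request corresponds to the header not being processed at all.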