posthog icon indicating copy to clipboard operation
posthog copied to clipboard

Published 20 hours ago • verified publisher icon PostHog

TRUSTED_PROXIES not working with Hobby deployment (without editing the Caddyfile)

Open Linkandzelda opened this issue 2 years ago • 2 comments

Bug description

Under the documentation running behind a proxy there's no mention of having to modify the Caddyfile to allow TRUSTED_PROXIES or TRUST_ALL_PROXIES to work, since the Caddyfile which ships with the hobby deployment removes any X-Forwarded-For headers before requests reach Posthog.

How to reproduce

  1. Deploy hobby deployment
  2. Add TRUSTED_PROXIES config
  3. See that IPs show as your external proxy/LB IP
  4. Modify Caddyfile reverse_proxy section:
reverse_proxy http://web:8000 {
        trusted_proxies private_ranges
}
  1. See that IPs now show correctly

Environment

  • [ ] PostHog Cloud
  • [X] self-hosted PostHog, version/commit: Hobby latest-release

Additional context

Perhaps evaluate whether or not the Caddyfile for the hobby deployment could ship like this, or add a section to the hobby deployment documention and the proxy documentation to mention these changes are required.

Linkandzelda avatar Nov 05 '22 02:11 Linkandzelda