azukaar
[FEAT]: Support reverse proxy headers for forwarded
What happened?
Hi,
I set up cosmos behind a nginx proxy, configured to forward the real client IP
set_real_ip_from 10.1.0.0/30;
real_ip_header proxy_protocol;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
However Cosmos only see the Nginx Proxy's IP, not the original client preventing the IP Whitelist to operate as desired on the URL.
I can't find help in the documentation, how should cosmos be configured to use headers client IP to match the Whitelist IP Rule.
Thanks !
What should have happened?
Cosmos Proxy should detect / use real client IP instead of the Nginx one.
How to reproduce the bug?
- Go to URL
- Create a new Proxy URL
- enter Whitelist IP in Advanced Security
Relevant log output
No response
Other details
The nginx reverse proxy itself is behind another proxy using the proxy_protocol to retrieve the source client IP. Nginx sees the correct client IP. This part is working as expected.
System details
- OS: GNU/Linux
- Browser Firefox/Chrome
- Version Cosmos 0.15.7
This is not a bug Cosmos does not support forwarded IPs headers, renaming ticket into FEAT
I am having this same issue as installing Cosmos behind nginx proxy manager (for multiple domains management). I willing to contribute with a PR if you are prioritizing this. Thanks!
https://github.com/azukaar/Cosmos-Server/pull/385
There is one, it might make it to 0.18 if I can test it and validate it