Froxlor icon indicating copy to clipboard operation
Froxlor copied to clipboard

Published 20 hours ago verified publisher icon froxlor

Feature Request: Behind-a-reverse-proxy-support (e.g. Cloudflare)

Open patschi opened this issue 5 years ago • 2 comments

Problem

Reverse proxy are getting more usual, and Cloudflare is a very common one offering a lot of benefits. However there are also changes required on the server-side to get the real IP of the visitor, and not the Cloudflare Edge IP address which is contacting the origin server, like Froxlor in this case.

Idea

Having new configuration options when editing a (sub)domain:

  • "Is behind a reverse proxy?": boolean. Set if domain is behind a reverse proxy or not.
  • "Trusted IP addresses": string. A set range of IP addresses from the reverse proxy, which determines if the real IP should be read from the X-Forwarded-For header instead.
  • "real_ip_recursive": boolean. I'm not sure if this is needed. Might be nginx-specific.

Ressources

  • http://nginx.org/en/docs/http/ngx_http_realip_module.html

patschi avatar Feb 12 '19 23:02 patschi

It's 2022, it's mandatory... By the way, it is also a joke that there are no sessions in cookies

toster234 avatar Feb 27 '22 23:02 toster234

Hello, I use froxlor with cloudflare, and it works very well, it is only necessary to make a change, in my case in apache2.

Greetings.

tuxsoul avatar Feb 28 '22 23:02 tuxsoul

The various scenarios I encoutered didn't have any issues if behind cloudflare or similar

d00p avatar Nov 05 '22 07:11 d00p

@d00p I'm not sure why this was closed?

When you have Cloudflare in front of the websites, you won't see the real IP in the logs and in PHP, as Cloudflare proxies it as a reverse proxy/. This behavior is typical for a reverse proxy.

Even see the Cloudflare documentation: https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/#web-server-instructions

Cloudflare even have a API to query for their Edge IPs to be used with set_real_ip_from : https://www.cloudflare.com/ips-v4 https://www.cloudflare.com/ips-v6

This is required for nginx and apache. Therefore a native integration for Cloudflare would be handy, and also a setting to use set_real_ip_from for own-configured reverse proxies.

As those IPs change from Cloudflare, this needs to be automated and the webserver also reloaded on changes.

For example I do have several websites behind a load balancer, hence not seeing the real IPs on the Froxlor instance. This requires said configuration value to be set.

patschi avatar May 27 '23 15:05 patschi