cloudserver icon indicating copy to clipboard operation
cloudserver copied to clipboard

Published 20 hours ago verified publisher icon scality

CloudServer clientIP 127.0.0.1 not read X-Real-IP nginx proxy-pass

Open mewallkit opened this issue 1 year ago • 2 comments 

server {
    listen 443 ssl;
    server_name example.ru;

    ssl_certificate /etc/nginx/ssl/example-ru.crt;`
    ssl_certificate_key /etc/nginx/ssl/example-ru.key;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

sniffing data

'GET / HTTP/1.0'
'Host: example.ru'
'X-Real-IP: XXX.XXX.XXX.XXX'
'Connection: close', 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0'
...

cloudserver log clientIP 127.0.0.1 not X-Real-IP

what needs to be done, or this behavior is not provided, which is most likely?

mewallkit avatar Oct 14 '23 16:10 mewallkit

By default, for security reasons, real ip extraction from headers is disabled, but can be configured in the requests section.

rachedbenmustapha avatar Oct 16 '23 18:10 rachedbenmustapha 

...
    "requests": {
        "viaProxy": true,
        "trustedProxyCIDRs": ["127.0.0.1/8", "::1"],
        "extractClientIPFromHeader": "X-Real-IP"
    },
...

I tried different options, the last thing I tried looked like this, it didn't change the behavior was still in the output...

{"name":"S3","clientIP":"::ffff:127.0.0.1","clientPort":56564,"httpMethod":"GET","httpURL":"....

there are suggestions that you can still change or fix something that I did wrong?

mewallkit avatar Oct 20 '23 21:10 mewallkit