Discourse reports user ips as the load balancer

I have an external load balancer (aws ELB) directing traffic to my discourse server. I have verified the X-Forwarded-For headers are being sent, but for some reason all the user ips show up as the load balancer ip?

Is this a bug or is there some setting I am missing?

I know @mpalmer knows a lot about this. Any advice, Matt?

2 Likes

I’d say you’re missing the nginx setting to “trust” the IP address that is making the connection, so the XFF header is ignored. The setting name is set_real_ip_from; grovel around in your nginx config(s) to see what (if anything) it’s currently set to, and season to taste.

3 Likes

Thanks, found the solution here: Amazon Elastic Load Balancer and Forwarding Real-IP Nginx

basically, add the following to the http section in nginx.conf

real_ip_header X-Forwarded-For;
set_real_ip_from 0.0.0.0/0;
1 Like

Oh sweet jeebers, don’t do that. It’ll allow anyone who can manage to get a HTTP connection into your servers to spoof their IP address, which will only lead to trouble. Set it to the IP range of your VPC, instead.

8 Likes

oh ya, I know that much, I just didnt want to post my range to the public :wink:

2 Likes

Sure, but will everyone else who finds this topic and copies your example know that?

2 Likes

Well, they’ll surely scroll down and see your reply just under it, though? I suspect yes.

1 Like

That’s why I made my reply.

6 Likes