IP addresses are not correct in my installation

Currently the Discourse IP lookup feature is broken (assuming a Docker install using the official install guide).

Repro steps:

  1. Install a fresh Discourse instance (Ubuntu server in VM, only accessible from local network)
  2. Create at least 3 accounts (developer/admin, moderator and normal user) using different physical devices (e.g. phone, desktop)
  3. Open a random account and click IP lookup next to any of the IP addresses listed.

Expected behavior: User should be listed along with all users created from that device.
Current behavior: User is displayed along with all accounts created on instance.

Screenshot:

Your IPs are not logging properly to begin with. So this feels like a setup issue, are you behind cloudflare? Or any sort of proxy?

5 Likes

It is not behind any sort of proxy. This server happens to be running in my internal network (192.168.1.xx) via nip.io and I can confirm that the server is receiving XFF headers with my IP in them per the rails environment presented by the developer-only mini profiler (screenshot below).

Maybe your internal corp network is using NAT so many users appear to come from the same IP address?

Edit: apparently, the mini profiler shows it that way

You’re testing with local addresses and those are handled in a special way by the RoR middleware.

2 Likes

I’m very, very sure that there is no proxy configuration on any of my devices whatsoever. The only things I could envision being a proxy are at the virtualbox layer (the server recognizes my real IP in last connected when I ssh to it though) or at router level (it may be set for NAT).

How might I tell Discourse to trust/use the XFF header set by whatever is saying localhost or do I have to open a new topic for that?

192.168.1.134 is a private IP, you are basically saying you want REMOTE ADDR to be some arbitrary private IP address here.

Rack does not like it when you forward for private IP addresses per:

https://github.com/rack/rack/blob/master/lib/rack/request.rb#L20

So if you want special treatment there and to allow multiple users in a LAN all to be treated as if they have different private IPs there is some rack patching needed which you would need to do in a plugin.

You basically need to set Rack::Request.ip_filter = lambda { |ip| false } in a very simple plugin.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.