We don’t use trusted_proxies in our hosted environment; we adjust the nginx config to set X-Real-IP
directly, since, IIRC, the RemoteIp
middleware prefers that over XFF. The pups exec stanza we use looks like this:
- replace:
filename: /etc/nginx/conf.d/discourse.conf
from: "types {"
to: |
set_real_ip_from 10.0.0.0/24;
set_real_ip_from 172.17.0.0/24;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
types {