Hi,
I have researched quite a lot but nothing seems to work with me.
I have a discourse setup installed. And I have this remote reverse proxy server that acts as a HTTPS layer between the user and the main discourse server…
I have included these revers proxy settings properly… But why does it still show my Reverse Proxy server’s IP Address (hostname to be specific)
The nginx running in the container does not trust headers set by the proxy.
Hi @schleifer,
Can you guide me on this? I have looked into these files, seems too fragile to manipulate on a production environment.
Thanks!
You only need the last part - inserting set_real_ip_from <CIDR>; to the nginx.conf. The other parts are more complicated to support Cloudflare adding new IPs.
If you have a single IP for the proxy, something like:
- replace:
filename: /etc/nginx/conf.d/discourse.conf
from: "types {"
to: |
set_real_ip_from 192.168.0.1;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
types {
Probably you need to remove the same definitions from docker, modify your app.yml and rebuild:
run:
- exec: echo "Beginning of custom commands"
- replace:
filename: /etc/nginx/conf.d/discourse.conf
from: $proxy_add_x_forwarded_for
to: $http_fastly_client_ip
global: true
- exec:
cmd:
- sed -i 's/client_max_body_size 10m ;/client_max_body_size 100m ;/g' /etc/nginx/conf.d/discourse.conf
- sed -i '/proxy_set_header X-Real-IP $remote_addr;/d' /etc/nginx/conf.d/discourse.conf
- sed -i '/proxy_set_header X-Forwarded-For $http_fastly_client_ip;/d' /etc/nginx/conf.d/discourse.conf
- sed -i '/proxy_set_header X-Forwarded-Proto $scheme;/d' /etc/nginx/conf.d/discourse.conf
- exec: echo "End of custom commands"
This block has 100m limit for max_body_size as well (the first sed command makes a replacement). The other sed commands remove lines from discourse.conf inside docker before container starts.