Last IP shows Reverse Proxy IP address

PhoenixPeca · 2019-03-31T00:25:10.393Z

Hi,

I have researched quite a lot but nothing seems to work with me.

I have a discourse setup installed. And I have this remote reverse proxy server that acts as a HTTPS layer between the user and the main discourse server…

image.png882×174 8.12 KB

I have included these revers proxy settings properly… But why does it still show my Reverse Proxy server’s IP Address (hostname to be specific)

image.png1246×556 51.8 KB

schleifer · 2019-03-31T00:41:02.121Z

The nginx running in the container does not trust headers set by the proxy.

X-Forwarded-For proxy tag not recognized by Discourse? installation

Take a look at the templates/cloudflare.template.yml file. Basically, you need to insert set_real_ip_from directives for the full list of load balancer IPs.

PhoenixPeca · 2019-03-31T01:00:36.979Z

Hi @schleifer,

Can you guide me on this? I have looked into these files, seems too fragile to manipulate on a production environment.

Thanks!

riking · 2019-03-31T03:48:08.247Z

You only need the last part - inserting set_real_ip_from <CIDR>; to the nginx.conf. The other parts are more complicated to support Cloudflare adding new IPs.

schleifer · 2019-04-01T16:12:26.877Z

If you have a single IP for the proxy, something like:

    - replace:
        filename: /etc/nginx/conf.d/discourse.conf
        from: "types {"
        to: |
          set_real_ip_from 192.168.0.1;
          real_ip_header X-Forwarded-For;
          real_ip_recursive on;
          types {

Ivan_Rapekas · 2019-05-22T22:25:41.054Z

PhoenixPeca:

I have included these revers proxy settings properly… But why does it still show my Reverse Proxy server’s IP Address (hostname to be specific)

Probably you need to remove the same definitions from docker, modify your app.yml and rebuild:

run:
  - exec: echo "Beginning of custom commands"

  - replace:
       filename: /etc/nginx/conf.d/discourse.conf
       from: $proxy_add_x_forwarded_for
       to: $http_fastly_client_ip
       global: true

  - exec:
       cmd:
         - sed -i 's/client_max_body_size 10m ;/client_max_body_size 100m ;/g' /etc/nginx/conf.d/discourse.conf
         - sed -i '/proxy_set_header X-Real-IP $remote_addr;/d' /etc/nginx/conf.d/discourse.conf
         - sed -i '/proxy_set_header X-Forwarded-For $http_fastly_client_ip;/d' /etc/nginx/conf.d/discourse.conf
         - sed -i '/proxy_set_header X-Forwarded-Proto $scheme;/d' /etc/nginx/conf.d/discourse.conf

  - exec: echo "End of custom commands"

This block has 100m limit for max_body_size as well (the first sed command makes a replacement). The other sed commands remove lines from discourse.conf inside docker before container starts.

JammyDodger · 2022-10-08T10:10:53.087Z