Last IP shows Reverse Proxy IP address

Hi,

I have researched quite a lot but nothing seems to work with me.

I have a discourse setup installed. And I have this remote reverse proxy server that acts as a HTTPS layer between the user and the main discourse server…

I have included these revers proxy settings properly… But why does it still show my Reverse Proxy server’s IP Address (hostname to be specific)

1 Like

The nginx running in the container does not trust headers set by the proxy.

5 Likes

Hi @schleifer,

Can you guide me on this? I have looked into these files, seems too fragile to manipulate on a production environment.

Thanks!

You only need the last part - inserting set_real_ip_from <CIDR>; to the nginx.conf. The other parts are more complicated to support Cloudflare adding new IPs.

3 Likes

If you have a single IP for the proxy, something like:

    - replace:
        filename: /etc/nginx/conf.d/discourse.conf
        from: "types {"
        to: |
          set_real_ip_from 192.168.0.1;
          real_ip_header X-Forwarded-For;
          real_ip_recursive on;
          types {

3 Likes

Probably you need to remove the same definitions from docker, modify your app.yml and rebuild:

run:
  - exec: echo "Beginning of custom commands"

  - replace:
       filename: /etc/nginx/conf.d/discourse.conf
       from: $proxy_add_x_forwarded_for
       to: $http_fastly_client_ip
       global: true

  - exec:
       cmd:
         - sed -i 's/client_max_body_size 10m ;/client_max_body_size 100m ;/g' /etc/nginx/conf.d/discourse.conf
         - sed -i '/proxy_set_header X-Real-IP $remote_addr;/d' /etc/nginx/conf.d/discourse.conf
         - sed -i '/proxy_set_header X-Forwarded-For $http_fastly_client_ip;/d' /etc/nginx/conf.d/discourse.conf
         - sed -i '/proxy_set_header X-Forwarded-Proto $scheme;/d' /etc/nginx/conf.d/discourse.conf

  - exec: echo "End of custom commands"

This block has 100m limit for max_body_size as well (the first sed command makes a replacement). The other sed commands remove lines from discourse.conf inside docker before container starts.

2 Likes