Reverse proxy for Discourse | Real IP masking

I want to setup a reverse proxy that will work correctly with Discourse. My goal is to mask the real IP address of the server.

What features do I need to buy a server for this?

What should I do for the reverse proxy server and what should I do for the discourse server.

Can you help with the steps to follow?

I couldn’t find an understandable guide for non-professionals like me.

I wish this topic to be a guide for new users.

I ask for your help. Thanks in advance. Respect.

1 Like

This is not my area of expertise and nothing comes to mind when I read these topics.

I actually wanted to create a step-by-step guide for this. Both for me and for non-experts like me.

Thanks anyway.

Use this guide and change the proxy_pass line to the IP address of the real Discourse installation.


Also remember to add correct set_real_ip_from directives in the Discourse container for the frontend’s ipv4 and ipv6 addresses. (See cloudflare.template.yml for an example)


Maybe you want cloudflare? I think you may need to make sure that mail doesn’t expose your ip.

Unless you have reason to believe that people hate you or your forum, it’s likely a waste of time.

1 Like

I will try these. Thanks.

1 Like

Thanks for your reply. I’m using an external smtp server and a different CDN.

Cloudflare is not enough to hide the IP address. iplogger. It is possible to learn the IP address in tools such as org. I couldn’t see anything in the discourse settings to prevent this. So iplogger. Thanks to a link taken from the org address, it is possible to learn the real IP address of the server at the entry points of the forum.

I’m thinking of using Discourse for a political party. Those with opposing views try too many avenues of attack. I need to build this forum solid.

Here’s what I pictured in my mind;

VPS - (discourse installed- external cdn, external smtp) — > reverse proxy (HAProxy- layer 7 ddos - reverse proxy) — > cloudflare

To stop using HAProxy / Reverse proxy, I need to ban URL in the forum. I don’t know how to prevent this from all inputs.

Thaks. Respect.

It should be, if Cloudflare can’t hide it then your reverse proxy also cannot. But it’s possible, so you must have a configuration mistake somewhere. What do you mean with “such as org” ?


Actually, I’m talking about the above. A URL can be created with the help of the tool available at “”. When you take this URL and place it in the thread in the discourse forum, you can learn the real IP address of the server. Because the VPS where discourse is installed is making a direct request to the connection placed inside the topic. This allows the server’s real IP address to be exposed.

In the topic below, it says that a proxy server should be set up for outgoing requests from the server.

1 Like

I wrote it with the help of a translation. Sorry for the typo. My English is not very good.

Also, after putting cloudflare in front of the VPS, the IP address of the server is masked. There is no problem here.

However, the outgoing request from the server shows the ip address. “” does the job of exposing the IP address very well.

If this is due to misconfiguration it would be great to know how to fix it.

An end-to-end guide will help many people.


I think you fix it by having your firewall allow connections only from cloudflare servers. This way it will not matter if your ip address is known.

1 Like

Thanks for your answer. What you say is theoretically correct. But it is not technically correct and sufficient.


How do I get the outgoing traffic from the VPS to go through CloudFlare?

You need a proxy server for that, not a reverse proxy. You can Google for “free proxy server” to find some, or run something like Squid on a vm that allows ssh only from your ip, perhaps behind a bastion.

I’m not quite sure how to configure discourse to use it, but it might be as simple as setting an env variable.