Reverse proxy X-Forwarded-For

I recently migrated my forum to a much more performant host, and I am working towards high availability.

In the reverse proxy I added the Forward Proto and For headers, but the nginx configuration on the Discourse only respected the Proto.

I had to add under server:

set_real_ip_from loadbalancerip;
real_ip_header X-Forwarded-For;

Is there a Discourse envvar to add these?
Or possibly an argument to add to app.yml?

I believe this is what you’re looking for:

No, this guide explains how to set up an nginx socket that’s shared between the container and host.

I’m trying to find a declarative way to include:

set_real_ip_from loadbalancerip;
real_ip_header X-Forwarded-For;

In the nginx configuration in containers after rebuild.

You’re trying to add this to the container’s internal nginx? I believe that’s unnecessary because it’s added by default:

This line is needed for that to work.
Without it all the requests are still the loadbalancer IP.
I know because my discourse was down for 429 errors.

In case it’s not clear this is my infra:
user > haproxy > discourse

Discourse of course includes an nginx rproxy

I included the forwarding headers in haproxy but the discourse internal nginx was not respecting forwarded for. I had to add the 2 lines in my OP and restart the container for it to work.

Are you using a 2-container build?

I don’t think there is a built-in env variable for custom load balancer IPs, because nginx doesn’t natively read those vars for the server block.

Also, if you manually edited the nginx config inside the running container, it will be wiped out the next time you rebuild.

I think in order to make it permanent and survive rebuilds, you need to use the replace command in your app.yml (or web_only.yml if dual container). Scroll to the very bottom of your .yml file to the run: section and add this block. It tells the Discourse builder to automatically inject your real IP settings after the server { block opens:

run:
  - replace:
      filename: /etc/nginx/conf.d/discourse.conf
      from: /server.+{/
      to: |
        server {
          set_real_ip_from 192.168.1.100; ## Replace with your actual load balancer ip/subnet
          real_ip_header X-Forwarded-For;
          real_ip_recursive on;

(Make sure indentation and spacing match the rest of the run block; yml files are super strict.)
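
How nginx's realip module applies the three directives in the post above, as a simplified Python model (an added example, not code from this thread, Discourse or nginx). The function name and every address other than 192.168.1.100 are constructed for illustration.

```python
# Simplified model of nginx realip address selection (illustration only).
from ipaddress import ip_address, ip_network


def effective_client_ip(remote_addr, xff, trusted, recursive):
    """Return the address nginx would use as the client address.

    remote_addr: TCP peer address (the load balancer, or a direct client)
    xff:         raw X-Forwarded-For header value, or None
    trusted:     CIDRs listed in set_real_ip_from
    recursive:   value of real_ip_recursive
    """
    nets = [ip_network(c) for c in trusted]

    def is_trusted(addr):
        return any(ip_address(addr) in n for n in nets)

    current = remote_addr
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # Walk the header right to left: the rightmost entry was appended by the
    # proxy nearest to nginx; entries further left may be client-supplied.
    while hops and is_trusted(current):
        candidate = hops.pop()
        try:
            ip_address(candidate)
        except ValueError:
            break  # unparsable entry: keep the last good address
        current = candidate
        if not recursive:
            break
    return current


LB = "192.168.1.100"            # load balancer address used in the post
CLIENT = "203.0.113.7"          # constructed sample client
FORGED = "10.9.9.9, " + CLIENT  # client-sent value with the proxy's entry appended

if __name__ == "__main__":
    # No set_real_ip_from: every request appears to come from the balancer,
    # so per-IP rate limits are shared by all users.
    print(effective_client_ip(LB, CLIENT, [], True))
    # Only the balancer trusted: the forged left-hand entry is ignored.
    print(effective_client_ip(LB, FORGED, [LB + "/32"], True))
    # Trusting everything lets the client-supplied entry win.
    print(effective_client_ip(LB, FORGED, ["0.0.0.0/0"], True))
```

Keeping set_real_ip_from limited to the load balancer's address is what makes the rightmost header entry reliable; the wider the trusted range, the further left nginx will read into values the client controls.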