search

BobbyWibowo / lolisafe

Blazing fast file uploader and awesome bunker written in node! 🚀
MIT License
317 stars 56 forks source link

[BUG] Wrong IPs reported? #69

Closed rubenmdh closed 4 years ago

rubenmdh commented 4 years ago

Hello, it seems that lolisafe doesn't report the correct IPs on the "Manage uploads" tab from the admin interface. All the uploads have the same IP: ::ffff:127.0.0.1

I am not sure if this has something to do with nginx not passing the correct IP to the lolisafe daemon or if it is an error of lolisafe itself.

I am using the nginx config sample provided by lolisafe and nginx logs show the real visitor's address. Here is a sample of the access.log of nginx.

37.14.X.X - - [22/Oct/2019:13:15:51 +0200] "GET /js/dashboard.js HTTP/2.0" 304 0 "https://[REDACTED]/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
37.14.X.X - - [22/Oct/2019:13:15:51 +0200] "GET /images/logo.png HTTP/2.0" 304 0 "https://[REDACTED]/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
37.14.X.X - - [22/Oct/2019:13:15:51 +0200] "GET /js/misc/utils.js HTTP/2.0" 304 0 "https://[REDACTED]/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
37.14.X.X - - [22/Oct/2019:13:15:52 +0200] "POST /api/tokens/verify HTTP/2.0" 200 110 "https://[REDACTED]/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
37.14.X.X - - [22/Oct/2019:13:15:52 +0200] "GET /api/albums/sidebar HTTP/2.0" 304 0 "https://[REDACTED]/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
37.14.X.X - - [22/Oct/2019:13:15:55 +0200] "GET /api/uploads/0 HTTP/2.0" 200 1070 "https://[REDACTED]/dashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"

Any help is appreciated.

BobbyWibowo commented 4 years ago

If you use nginx (or any http servers for that matter), you're actually using it as a reverse proxy for the node server. Which means you need to set trustProxy in config.js to true as well. You only set trustProxy to false when the node server itself communicates directly with clients (no local http server acting as reverse proxies, no CDNs like Cloudflare, etc). I'll update the comments in the sample config file at a later date, cause it seems I only mentioned CDNs.

rubenmdh commented 4 years ago

Oh, my bad. Setting trustProxy to true did the trick.

Thanks! Closing this now.