Reverse proxy log with localhost

[znooopy]

Hi Hellowlol,

For start, thank you to your working, very great!

I'm using your HTPC-Manager with a nginx reverse web server.

I want to check HTPC-Manager logs for ban undesirables clients, but I have some pb in the log: IP address is 127.0.0.1 instead of real ip address.

Nginx conf: proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:8085;

I have see on HTPC manager configuration, an option "Rev proxy headers basepath". Maybe I need to use this option, but don't know what parameter....

Thanks

paul

[znooopy]

I see in code: "libs/cherrypy/lib/cptools.py: By default, 'remote' is set to 'X-Forwarded-For'."

So, I don't need to configure option?!

[Hellowlol]

Hi. Honestly I can't even remember how this was, but if memory servers me right check use rev proxy header and don't write any thing in the rev proxy base path and restart htpc manager

[znooopy]

What do you mean by "rev" proxy header? According to this doc, the header is well configured:

I try this: proxy_pass http://127.0.0.1:8085; proxy_redirect off; proxy_set_header Host 172.99.100.1; proxy_set_header X-Real-IP 172.99.100.1; proxy_set_header X-Forwarded-For 172.99.100.1; proxy_set_header X-Forwarded-Host 172.99.100.1;

Or just: proxy_pass http://127.0.0.1:8085; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr;

Nothing is configured in HTPC Manager about headers.

I see also:

To pass a request to a non-HTTP proxied server, the appropriate **_pass directive should be used: fastcgi_pass passes a request to a FastCGI server uwsgi_pass passes a request to a uwsgi server scgi_pass passes a request to an SCGI server memcached_pass passes a request to a memcached server

I see CherryPy in the log, and maybe I can connect nginx to a different method? (fastcgi?)

thanks,

paul

2017-02-17 18:31 GMT+01:00 Hellowlol notifications@github.com:

Hi. Honestly I can't even remember how this was, but if memory servers me right check use rev proxy header and don't write any think in the rev proxy base path.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Hellowlol/HTPC-Manager/issues/535#issuecomment-280714616, or mute the thread https://github.com/notifications/unsubscribe-auth/AYpkAnVyQzD2qrVb_uQjNL-gtpgpUakfks5rddmDgaJpZM4MEWdI .

[Hellowlol]

I was referering to rev proxy header inside htpc manager settings.

[znooopy]

Ok this is work now!

with this header: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

many thanks :)

paul

2017-02-17 20:05 GMT+01:00 Hellowlol notifications@github.com:

I was referering to rev proxy header inside htpc manager settings.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Hellowlol/HTPC-Manager/issues/535#issuecomment-280738142, or mute the thread https://github.com/notifications/unsubscribe-auth/AYpkAkYnOH2v6fmu66eI3ziy15xxXkOlks5rde-NgaJpZM4MEWdI .

[znooopy]

After recheck, I'm login with locahost without header enable on interface. If I enable feature, I'm redirect to 127.0.0.1:8085 and cannot see interface (with nginx reverse proxy).

[znooopy]

I have installed a virtual machine in other environment.

HTPC Manager, is running. I set login/password for login.

From outside, I go on my reverse nginx who is reverse proxy to HTPC (127.0.0.1:8085). I try a bad authentification, output log is: "2017-02-26 02:19:58 :: authentication :: WARNING :: Failed login attempt with username: Ddf password: from IP: 127.0.0.1"

Now I active in settings "Use rev proxy headers", save and restart from interface. I try a bad authentification, and it's works: "2017-02-26 02:23:20 :: authentication :: WARNING :: Failed login attempt with username: R password: from IP: 85.12.68.57"

I try again few second ago, but it does no work at all! I'm reverse to "http://127.0.0.1:8085/auth/login".

I precise, when "Use rev proxy headers" isn't active, url is "http://mydomain/auth/login.

I don't understand why this is work few seconds...

Testing conf:

nginx: /etc/nginx/conf.d/proxy.conf: proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

/etc/nginx/sites-enabled/default: server { listen 80 default_server; listen [::]:80 default_server;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {

proxy_pass http://127.0.0.1:8085;

[Hellowlol]

What does not work at all? Isnt the external ip showed or cant you access htpc manager at all?

[znooopy]

I can't acces to htpc manager.

2017-02-26 14:21 GMT+01:00 Hellowlol notifications@github.com:

What does not work at all? Isnt the external ip showed or cant you access htpc manager at all?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Hellowlol/HTPC-Manager/issues/535#issuecomment-282555560, or mute the thread https://github.com/notifications/unsubscribe-auth/AYpkAiy_ADGbvLBJhSywi7cVQqkGQuKLks5rgXxxgaJpZM4MEWdI .

[strikerjjb]

@znooopy @Hellowlol This is what I use for my nginx proxy conf and I don't click the rev proxy headers:

General Settings

client_max_body_size 10m;
client_body_buffer_size 128k;

Timeout if the real server is dead

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

Advanced Proxy Config

send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

Basic Proxy Config

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

[znooopy]

@strikerjjb

I run this conf, but log are "127.0.0.1", without header HTPC log proxy IP and not client.

[Hellowlol]

I don't understand why you shouldn't get access. Does it work if you access htpc manager via the local up?

[strikerjjb]

@znooopy so you are trying to track the different client IP's hitting the server?

[znooopy]

Via the local machine its work (127.0.0.1 reply) I try with some clients local / out off my network... I can get you an acces to my lab if you want.

[znooopy]

@strikerjjb

Yes with proxy header!

2017-02-27 5:27 GMT+01:00 strikerjjb notifications@github.com:

@znooopy https://github.com/znooopy so you are trying to track the different client IP's hitting the server?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Hellowlol/HTPC-Manager/issues/535#issuecomment-282625390, or mute the thread https://github.com/notifications/unsubscribe-auth/AYpkAnIkwkIAWjnyRl3a_kNZMMwoJG9mks5rglChgaJpZM4MEWdI .

[znooopy]

No more? :(

[Hellowlol]

I have no idea why you cant get this to work. Im gonna setup a reverse proxy and try myself.

[znooopy]

ok thank you very well.

2017-03-04 13:58 GMT+01:00 Hellowlol notifications@github.com:

I have no idea why you cant get this to work. Im gonna setup a reverse proxy and try myself.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Hellowlol/HTPC-Manager/issues/535#issuecomment-284149984, or mute the thread https://github.com/notifications/unsubscribe-auth/AYpkAl1emp1J27ybNYOY-qM9h2k86YBSks5riV_4gaJpZM4MEWdI .