Currently, as a fallback for the client failing to provide its public IP address when connecting to the server, the server will instead extract the IP address from the connection stream, when the server is NOT behind a reverse proxy this solution works well, however if the server is behind a reverse proxy it will mean that every connected client's public IP address will be set to the IP address of the reverse proxy server rather than the actual user meaning that attempting to connect to other players will simply silently fail.
Description
Currently, as a fallback for the client failing to provide its public IP address when connecting to the server, the server will instead extract the IP address from the connection stream, when the server is NOT behind a reverse proxy this solution works well, however if the server is behind a reverse proxy it will mean that every connected client's public IP address will be set to the IP address of the reverse proxy server rather than the actual user meaning that attempting to connect to other players will simply silently fail.
Solution
The solution is to add an additional middleware extractor layer around the connection stream IP address extraction to support the https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/, https://doc.traefik.io/traefik/getting-started/faq/#what-are-the-forwarded-headers-when-proxying-http-requests Forwarded header set by reverse proxies, this feature should be gated by a configuration variable so that the server won't listen to the forwarded header unless a reverse proxy is used
Checklist