search

azukaar / Cosmos-Server

☁️ The Most Secure and Easy Selfhosted Home Server. Take control of your data and privacy without sacrificing security and stability (Authentication, anti-DDOS, anti-bot)
https://cosmos-cloud.io
Other
2.96k stars 105 forks source link

[FEAT]: Support reverse proxy headers for forwarded #253

Open daufinsyd opened 1 month ago

daufinsyd commented 1 month ago

What happened?

Hi,

I set up cosmos behind a nginx proxy, configured to forward the real client IP 

         set_real_ip_from        10.1.0.0/30;
         real_ip_header          proxy_protocol;
         proxy_set_header        Host            $host;
         proxy_set_header        X-Real-IP       $proxy_protocol_addr;
         proxy_set_header        X-Forwarded-For $proxy_protocol_addr;

However Cosmos only see the Nginx Proxy's IP, not the original client preventing the IP Whitelist to operate as desired on the URL.

I can't find help in the documentation, how should cosmos be configured to use headers client IP to match the Whitelist IP Rule.

Thanks !

What should have happened?

Cosmos Proxy should detect / use real client IP instead of the Nginx one.

How to reproduce the bug?

  1. Go to URL
  2. Create a new Proxy URL
  3. enter Whitelist IP in Advanced Security

Relevant log output

No response

Other details

The nginx reverse proxy itself is behind another proxy using the proxy_protocol to retrieve the source client IP. Nginx sees the correct client IP. This part is working as expected.

System details

azukaar commented 1 month ago

This is not a bug Cosmos does not support forwarded IPs headers, renaming ticket into FEAT