badaix / snapweb

Web interface for Snapcast
GNU General Public License v3.0

Snapweb behind nginx proxy - client IP #54

Open MG-Sky opened 11 months ago

MG-Sky commented 11 months ago

Hello, I've been trying to fix the information on the web about the client's real IP behind the proxy, but the app constantly shows the NGX NPM IP (one IP) instead of the client's. Here is my setup (a few versions I have tried):

```nginx
location / {
    set $upstream http://192.168.xxxx:1780;
    proxy_pass $upstream;

    # Basic Proxy Config
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $server;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-Uri $request_uri;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_redirect  http://  $scheme://;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
}
```

Do you know how I can pass the client's real IP to Snapcast behind the proxy?

bendschs commented 7 months ago

The following nginx config is working for me. It contains SSL transport encryption and basic auth (which is configured in the .htpasswd file).

```nginx
server {
  listen 443 ssl;
  #listen [::]:443;
  server_name snap.domain.com;

  ssl_certificate /etc/letsencrypt/live/snap.domain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/snap.domain.com/privkey.pem;
  ssl_ciphers "XXXXXXXXXXXXXXXXXXXXXXX";
  ssl_prefer_server_ciphers on;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_session_timeout 1d;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
  proxy_http_version 1.1;
  proxy_read_timeout 600s;
  proxy_set_header HOST $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Port $server_port;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";

  location / {
    auth_basic "Username and Password Required";
    auth_basic_user_file  /etc/nginx/.htpasswd;
    proxy_pass http://192.168.2.10:1780;
  }
}
```

mStirner commented 2 months ago

> Hello, I've been trying to fix the information on the web about the client's real IP behind the proxy, but the app constantly shows the NGX NPM IP (one IP) instead of the client's. Here is my setup (a few versions I have tried):
>
> ```nginx
> location / {
>     set $upstream http://192.168.xxxx:1780;
>     proxy_pass $upstream;
>
>     # Basic Proxy Config
>     proxy_set_header Host $host;
>     proxy_set_header X-Real-IP $server;
>     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>     proxy_set_header X-Forwarded-Proto $scheme;
>     proxy_set_header X-Forwarded-Host $http_host;
>     proxy_set_header X-Forwarded-Uri $request_uri;
>     proxy_set_header X-Forwarded-Ssl on;
>     proxy_set_header Upgrade $http_upgrade;
>     proxy_set_header Connection "upgrade";
>     proxy_redirect  http://  $scheme://;
>     proxy_http_version 1.1;
>     proxy_set_header Connection "";
> }
> ```
>
> Do you know how I can pass the client's real IP to Snapcast behind the proxy?

You are setting the "X-real-Ip" to $server, which is undefined. Set it to $remote_addr.
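Added example, not part of the thread and not Snapcast or snapweb code: one way a backend behind the proxy configs above can derive the client address from `X-Forwarded-For` and `X-Real-IP`, honouring them only when the TCP peer is the known proxy. `TRUSTED_PROXIES`, `client_ip` and all addresses are constructed for illustration; the thread does not say whether Snapcast itself reads these headers.

```python
import ipaddress

# Assumption: the reverse proxy's address as seen by the backend (constructed).
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.2.1/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES if net.version == addr.version)


def _parse(value):
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def client_ip(peer, headers):
    """Return the client address for a request whose TCP peer is `peer`.

    `headers` maps lower-case header names to values, as set by the
    proxy_set_header X-Real-IP / X-Forwarded-For lines in the nginx configs.
    """
    peer_addr = ipaddress.ip_address(peer)
    # Request did not come through the proxy: the headers are
    # client-controlled, so ignore them entirely.
    if not _is_trusted(peer_addr):
        return str(peer_addr)
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
    # sent, so walk right to left and stop at the first hop that is not ours.
    hops = [h for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
    for hop in reversed(hops):
        addr = _parse(hop)
        if addr is None:
            break  # malformed entry: stop trusting the chain
        if not _is_trusted(addr):
            return str(addr)
    # Fall back to X-Real-IP ($remote_addr as seen by the proxy), then the peer.
    real = _parse(headers.get("x-real-ip", ""))
    return str(real) if real is not None else str(peer_addr)


if __name__ == "__main__":
    # Constructed request: the client supplied its own X-Forwarded-For value,
    # and the proxy appended the address it actually saw.
    print(client_ip("192.168.2.1", {"x-forwarded-for": "10.9.9.9, 203.0.113.7"}))
```

When the proxy forwards no usable header, the function returns the proxy's own address, which is the symptom described in the issue.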