X-Forwarded-For, Trust Proxy Setting

bitly / oauth2_proxy

A reverse proxy that provides authentication with Google, Github or other provider

MIT License

5.1k stars 1.21k forks source link

X-Forwarded-For, Trust Proxy Setting #519

Open ekristen opened 6 years ago

ekristen commented 6 years ago

I run oauth2_proxy behind haproxy, as haproxy are my edge servers. Unfortunately this means that oauth2_proxy records the client IP as the haproxy IP instead of what's in the x-forwarded-for header.

I would ask that a flag be added to tells oauth2_proxy to trust x-forwarded-for header and record that value as the client ip.

Thank you.

ploxiln commented 6 years ago

oauth2_proxy currently supports the X-Real-IP header. X-Forwarded-For is admittedly more conventional. But if you want support today, you can configure haproxy to set the X-Real-IP header.

ekristen commented 6 years ago

Thanks for the workaround!

TimWolla commented 6 years ago

@ekristen I run haproxy at the edge as well and re-implemented the nginx auth_request directive for haproxy in Lua to not pass all the traffic through oauth2_proxy. It might fit your needs as well:

Repository: https://github.com/TimWolla/haproxy-auth-request Hacker News: https://news.ycombinator.com/item?id=16188744