Open bnkas opened 2 years ago
For everyone who stumbles across this: You can also install another nginx on your system and let it handle the proxy protocol:
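```nginx
# /etc/nginx/nginx.conf
stream {
    # The existing BTCPay Nginx, reached over plain TCP on the local host
    upstream btcpayserver {
        server 127.0.0.1:443;
    }

    server {
        # Accept connections that begin with a PROXY protocol header
        listen 1443 proxy_protocol;
        listen [::]:1443 proxy_protocol;
        # Forward the TCP stream to the upstream defined above
        proxy_pass btcpayserver;
    }
}
```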
Since BTCPay Docker already allows a user to easily enable the use of Nginx as a reverse proxy, it is fairly simple to allow Nginx to properly get the real client IP address when the user fronts BTCPay with a TCP (not HTTP) proxy such as HAProxy, Cloudflare Spectrum, etc.
To enable Proxy Protocol in Nginx, the following settings must be set in the docker Nginx default.conf file:
Note: 10.10.10.1/24 is an input that would need to come from the user.
I suggest creating a new docker env variable (or two) to allow the user to enable Proxy Protocol in Nginx conf file and provide the "set_real_ip_from" value to be used.
I also understand that BTCPay Docker supports Traefik as a reverse proxy, which supports proxy protocol as well. So this feature can apply there too.
Thanks.
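As an added example (not part of the original issue and not BTCPay Docker's shipped `default.conf`), this is one way the Proxy Protocol settings discussed above can look in an Nginx `server` block, with the trust boundary made explicit. The server name, certificate paths and backend address are placeholders, and `10.10.10.1/24` is the issue's stand-in for the TCP proxy's address range.

```nginx
# Added example. Placeholders (assumptions, not from BTCPay Docker):
#   btcpay.example.com, /etc/nginx/certs/*, http://backend.example:8080
server {
    # Every connection on these sockets must now start with a PROXY
    # protocol header; clients connecting directly without one will fail.
    listen 443 ssl proxy_protocol;
    listen [::]:443 ssl proxy_protocol;
    server_name btcpay.example.com;

    ssl_certificate     /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;

    # Trust boundary: only peers in this range may rewrite $remote_addr.
    # This is the user-supplied value the issue asks to expose as an
    # environment variable. Keep it as narrow as the proxy's real address.
    set_real_ip_from 10.10.10.1/24;
    # Too broad: any peer that can reach the port could claim any client IP.
    # set_real_ip_from 0.0.0.0/0;

    # Take the client address from the PROXY protocol header
    # (ngx_http_realip_module), but only for trusted peers above.
    real_ip_header proxy_protocol;

    location / {
        # Use $remote_addr here: it is replaced only when the peer matched
        # set_real_ip_from. $proxy_protocol_addr is filled from the header
        # no matter who sent it, so it is not suitable for access
        # decisions, rate limits or audit logs.
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host            $host;
        proxy_pass http://backend.example:8080;
    }
}
```

Because the `proxy_protocol` listener parses a header from whoever connects, the port should also be reachable only from the TCP proxy, for example through a firewall rule or Docker network restriction.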