permit_remote_admin_login doesn't work behind nginx

devsnd / cherrymusic

Stream your own music collection to all your devices! The easy to use free and open-source music streaming server.

http://www.fomori.org/cherrymusic

GNU General Public License v3.0

1.03k stars 189 forks source link

permit_remote_admin_login doesn't work behind nginx #688

Open neunenak opened 6 years ago

neunenak commented 6 years ago

When running cherrymusic on localhost on an unprivileged port and using nginx's proxy_pass functionality to expose it to the outside world, all requests look like they are coming from localhost. So in this use case, permit_remote_admin_login does absolutely nothing to prevent admin from logging in remotely.

oddmean commented 6 years ago

Try adding proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; "into location /" block