docusealco / docuseal

Open source DocuSign alternative. Create, fill, and sign digital documents ✍️
https://www.docuseal.co
GNU Affero General Public License v3.0

get real ip of user #301

Open xcojonny opened 6 days ago

xcojonny commented 6 days ago

Hi,

I'm having trouble with the IP of a client signing documents. My instance is using Docker and Traefik as a reverse proxy. Everything is behind a Cloudflare proxy (cf-ip: IP of Cloudflare proxy).

Using whoami, I have the following headers:

X-Forwarded-For: client-ip, cf-ip
X-Forwarded-Host: whoami.xx
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: 3724637697f5hb
X-Is-Trusted: yes
X-Real-Ip: client-ip

When I have a look in the audit log, the client-ip is equal to the cf-ip and not, as I would expect, to the client-ip.

Any ideas on that?

meonkeys commented 6 days ago

My server log has a fwd property in a JSON portion of the message that appears to have the correct client IP address.

Example (redacted):

I, [2024-06-28T16:28:03.204568 #1]  INFO -- : [f3x27b69-10e2-466b-9b99-5bdb01b85caa] {"method":"GET","path":"/","format":"turbo_stream","controller":"DashboardController","action":"index","status":200,"allocations":31816,"duration":77.39,"view":0.0,"db":0.0,"fwd":"123.456.789.10"}

I'm also using Docker and Traefik, but not Cloudflare.

xcojonny commented 6 days ago

When bypassing CF, everything works fine, since the function mentioned above uses the last IP address of the X-Forwarded-For header, and every hop by a proxy adds its IP at the end of the header.
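
The behaviour discussed in this thread, as an added example that is not part of the original issue and is not DocuSeal's own code: taking the last `X-Forwarded-For` entry yields the CDN address, while walking the chain right to left and skipping trusted proxies yields the client, and ignores anything a client forged on the left. The method names, the trusted ranges and all addresses are constructed assumptions (documentation and private ranges, not real Cloudflare ranges).

```ruby
require 'ipaddr'

# Constructed trusted ranges: a Docker bridge network (reverse proxy) and a
# stand-in CDN range. Assumption: a real deployment lists the CDN's published ranges.
TRUSTED_PROXIES = %w[172.16.0.0/12 198.51.100.0/24].map { |cidr| IPAddr.new(cidr) }

# Parse one header entry; returns nil for empty or malformed values.
def parse_ip(entry)
  s = entry.to_s.strip
  return nil if s.empty?
  IPAddr.new(s)
rescue IPAddr::Error
  nil
end

# Naive choice described in the thread: the last entry, i.e. the nearest proxy hop.
def last_hop(xff)
  xff.to_s.split(',').last.to_s.strip
end

# Walk from the TCP peer leftwards and return the first address that is not a
# trusted proxy. Entries further left are client-controlled and never consulted.
def client_ip(peer, xff, trusted = TRUSTED_PROXIES)
  chain = xff.to_s.split(',').map(&:strip) << peer
  chain.reverse_each do |entry|
    ip = parse_ip(entry)
    return nil if ip.nil? # malformed hop: fail closed instead of guessing
    return ip.to_s unless trusted.any? { |net| net.include?(ip) }
  end
  nil # every hop was a trusted proxy
end

# Constructed request: client -> CDN -> reverse proxy -> app
PEER    = '172.18.0.5'                              # reverse proxy container
XFF     = '203.0.113.7, 198.51.100.20'              # "client-ip, cf-ip"
SPOOFED = '10.9.9.9, 203.0.113.7, 198.51.100.20'    # client sent a forged entry

if __FILE__ == $PROGRAM_NAME
  puts "last hop:            #{last_hop(XFF)}"
  puts "trusted-proxy walk:  #{client_ip(PEER, XFF)}"
  puts "with forged entry:   #{client_ip(PEER, SPOOFED)}"
  puts "CDN range untrusted: #{client_ip(PEER, XFF, TRUSTED_PROXIES.first(1))}"
end
```

The trusted list should contain only the proxies the request actually passes through; every range added to it is a range whose `X-Forwarded-For` contents are believed.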