Real IP is not shown behind a reverse proxy in the logs

[LePresidente]

Expected behavior and actual behavior: When running goharbor behind a reverse proxy, it shows the incorrect ip (docker ip) in the logs instead of the external ip

Steps to reproduce the problem: Just run the system behind any reverse proxy will result in the following logs

Nov 26 14:08:57 172.22.0.1 core[988]: 2020-11-26T14:08:57Z [ERROR] [/core/controllers/base.go:109]: Error occurred in UserLogin: Failed to authenticate user, due to error 'Invalid credentials'

Versions: Please specify the versions of following systems.

• harbor version: 2.4.1
• docker engine version: 20.10.12
• docker-compose version:1.24.1

Additional context:

This can be fixed in goharbor/nginx-photon by adding the following to the server block and adding the following nginx module http_realip_module

set_real_ip_from 172.0.0.0/8;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

[LePresidente]

Looks like this is unlikely unless goharbor uses a custom nginx build on proton.

https://github.com/vmware/photon/issues/1055

[github-actions[bot]]

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

[Razniak]

Hello, any update about this?

[bmunro-peralex]

Still waiting on upstream, looks like it will be done soon though

[LePresidente]

https://github.com/vmware/photon/commit/9a0015a7962be202ba10fbe0c3bc262624fd1400

[LePresidente]

Tested in 2.8.1

May 16 11:25:57 172.24.0.1 proxy[1160]: [REDACTED] - "GET /api/v2.0/users/current HTTP/1.1" 401 62 "https://[REDACTED]/account/sign-in?redirect_url=%2Fharbor%2Fprojects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Edg/113.0.1774.42" 0.005 0.004 .

correct external IP is shown now when adding the above options to nginx.conf

This can be closed