Panel does not correctly handle X-Forwarded-For

[ItzExotical]

Current Behavior

The panel does not care about the X-Forwarded-For header provided by Caddy among other web servers, resulting in the panel getting the user's IP wrong (if a service like Cloudflare is used).

Expected Behavior

The panel should get the user's actual IP and store that in logs too.

Steps to Reproduce

Sorry, but I think this one is quite straightforward.

Panel Version

1.0.0-beta6

Wings Version

1.0.0-beta3

Games and/or Eggs Affected

No response

Docker Image

No response

Error Logs

No response

Is there an existing issue for this?

• [X] I have searched the existing issues before opening this issue.
• [X] I have provided all relevant details, including the specific game and Docker images I am using if this issue is related to running a server.
• [X] I have checked in the Discord server and believe this is a bug with the software, and not a configuration issue with my specific system.

[Boy132]

You need to set the TRUSTED_PROXIES in your .env file. Then it'll show the real ip. See https://pelican.dev/docs/panel/config#reverse-proxy-setup

[ItzExotical]

Oh well, I totally missed that. What about wings? Still shows proxy IP for server events, such as opening and writing to files.

[Boy132]

Wings also has a config option for that. api.trusted_proxies

[Boy132]

I'm going to close this. If you still have problems with it showing the wrong ip you should visit the Discord and open a support thread. But setting the trusted proxies config vars should work.

[ItzExotical]

I set TRUSTED_PROXIES to 127.0.0.1 in my .env and it still showed the Cloudflare IP and not my IP. I even tried setting it to wildcard but same thing there. X-Forwarded-For exists and is properly set to the real connecting IP of the client, but Pelican is not handling it correctly it looks like.

[Boy132]

Because 127.0.0.1 is wrong, you need to set it to the cloudflare ips as described in the docs. At this point please visit the Discord for support.