pgjones
commented
6 months ago Hopefully d264794d09fd8de4172623eec459a2efe31257ad makes this clearer. In your case it should like two proxies set the header before Hypercorn, so the value should be trusted_hops = 2.
Also, how do I get it to log the client IP? as the remote ip using the %(h)s format string still gives me the reverse proxy IP and not the real client IP.
Hypercorn logs before the middleware makes the proxy fix changes (middleware is for the ASGI app). %({x-forwarded-for})i gives the full header.
I am not sure I understand trusted hops here: https://github.com/pgjones/hypercorn/blob/main/src/hypercorn/middleware/proxy_fix.py#L77
If I just have one nginx reverse proxy in front of my web server cluster, is this value 1 or 2. I am using Cloud Run which is putting two IPs in the x-forwarded-for http header. Since it is picking the last value, that is not the client. So I guess in my case, I need to use trusted_hops = 2.
Also, how do I get it to log the client IP? as the remote ip using the
%(h)sformat string still gives me the reverse proxy IP and not the real client IP.