search

qbittorrent / qBittorrent

qBittorrent BitTorrent client
https://www.qbittorrent.org
Other
27.8k stars 3.93k forks source link

web ui cannot The web UI cannot correctly identify the source IP of the reverse proxy by nginx #20933

Closed hydra24-njus closed 4 months ago

hydra24-njus commented 4 months ago

qBittorrent & operating system versions

qBittorrent v4.6.4 Web UI (64-bit) Qbittorrent container from linuxserver.io OS: DSM 7.2.1 qt: | 6.6.3 Libtorrent: | 2.0.10.0 Boost: | 1.84.0 OpenSSL: | 3.3.0 zlib: | 1.3.1

What is the problem?

I have checked https://github.com/qbittorrent/qBittorrent/issues/15582#issue-1028030368 (and other related issues)and use NGINX Reverse Proxy for Web UI to setup my nginx, but when I login qbit web ui, it still report that WebAPI login successful. IP:::ffff:192.168.1.1. here is my network abstract an openwrt ,with lan 192.168.1.1/24, wan 172.26.109.135/17 (This is actually a school's local area network) a nas, 192.168.1.114, and in Docker, qBittorrent uses host mode and listens on port 8080. I have a domain name resolved to 172.26.109.135, which I can access through the school's local area network (LAN).

server {
        listen 443 ssl;
        ssl_certificate /etc/nginx/conf.d/kakaa.icu.cer;
        ssl_certificate_key /etc/nginx/conf.d/kakaa.icu.key;
        server_name qbit.kakaa.icu;
        location / {
                proxy_pass http://192.168.1.114:8080/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Proto $scheme;
        }
}

I need some help setting up "skipping authentication for clients in the IP subnet whitelist.". I wish when When I'm on the LAN, logging into the web UI doesn't require authentication. And I want all login requests under WAN to require authentication, as it's exposed to other teachers and students

Steps to reproduce

when I at 192.168.1.1/24, access qbit.kakaa.icu, the login ip in webui is 192.168.1.1, at 172.26.1.1/17 is the same source ip. but if I'm in 192.168.1.1/24 and access qbit by 192.168.1.114:8080, It correctly displayed my source IP address.

Additional context

I also run a speedtest server docker on my nas, use the similar config with different domain name. this server could display source ip correctly.

server {
        listen 443 ssl;
        ssl_certificate /etc/nginx/conf.d/kakaa.icu.cer;
        ssl_certificate_key /etc/nginx/conf.d/kakaa.icu.key;
        server_name speed.kakaa.icu;
        location / {
                proxy_pass http://192.168.1.114:12345;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }
}

image image

Log(s) & preferences file(s)

No response

HanabishiRecca commented 4 months ago

This shouldn't be an issue with proper routes configuration.

Try to remove setting of X-* headers from your config, I guess. Why you even need them?

hydra24-njus commented 4 months ago

I fixed this by update to qbittorrent 4.6.5