smallstep / certificates

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
https://smallstep.com/certificates
Apache License 2.0

Logging middleware logs real/originating IP address #1995

Closed leonweecs closed 2 months ago

leonweecs commented 2 months ago

Hello!

Issue details

step-ca's logging middleware logs the client's IP address under the remote-address field for each incoming request; the value is taken directly from Request.RemoteAddr of Go's net/http.

The problem arises when step-ca is sitting behind a reverse proxy: the IP address of the proxy is logged instead of the actual client's.

Why is this needed?

In the case where a reverse proxy is used, the remote-address field is more useful for analysis/debugging/reporting when it is the real client IP.
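An added example, not part of the issue and not step-ca's own code: one way to pick the address to log so that a client cannot forge it. It assumes the proxy appends to `X-Forwarded-For` (the issue names no header) and that proxies live in a constructed `10.0.0.0/8` range; `proxyNet` and `clientIP` are hypothetical names.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"strings"
)

// proxyNet is a constructed example range: only peers inside it are
// allowed to supply X-Forwarded-For. Everything else is logged as-is.
var proxyNet = netip.MustParsePrefix("10.0.0.0/8")

// clientIP (hypothetical helper) returns the value to log as remote-address.
func clientIP(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	peer, err := netip.ParseAddr(host)
	if err != nil || !proxyNet.Contains(peer.Unmap()) {
		return host // direct or untrusted peer: headers are ignored
	}
	// Entries to the left of the first untrusted hop are client-controlled,
	// so walk right to left and stop at the first address outside proxyNet.
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // missing or malformed entry: fall back to the peer
		}
		if ip = ip.Unmap(); !proxyNet.Contains(ip) {
			return ip.String()
		}
	}
	return host
}

func main() {
	// Constructed request: the client forged the first entry, the proxy
	// at 10.0.0.5 appended the address it actually saw.
	r, _ := http.NewRequest("GET", "https://ca.example/health", nil)
	r.RemoteAddr = "10.0.0.5:41234"
	r.Header.Set("X-Forwarded-For", "192.0.2.1, 203.0.113.7")
	fmt.Println(clientIP(r))
}
```

Logging both the resolved address and the raw `RemoteAddr` keeps the proxy hop visible for audit when the two differ.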

leonweecs commented 2 months ago

I am keen to give this a go, feel free to assign this issue to me 😁