-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AGH no longer accepts X-Real-IP headers from trusted proxies #5768
Comments
Same issue here, I can see all headers are sent correctly:
My install is on Docker with Traefik doing a TCP proxy for 53 and standard https proxy for /dns-query trusted_proxies:
- 127.0.0.1/32 Is this an issue because the proxy IP is localhost? I know Plex decided to now acknowledge the headers unless it's an RFC1918 address |
@immtelecom, hello and apologies for late response. The |
ImmTelecom is using Nginx, I am using Traefik. Personally I have tried setting trusted_proxies using CIDR notation as well as a standard IP address. My Traefik proxy is on the host network let's say 172.16.0.5 and then if I do a HTTPS proxy to adguardhome with the X-Forwarded-For and X-Real-IP headers set, even with trusted_proxies having 127.0.0.1/32 and 172.16.0.5/32, all of the requests show as coming from the Traefik proxy themselves and not the original machine that is in the X-Forwarded-For and X-Real-IP header. |
@dontcrash, indeed, sorry for confusing. Could you please collect a verbose log for us? It'll show the real IP addresses and headers the AGH receives. You may send it to devteam@adguard.com, optionally redacted. @immtelecom, the same questions are relevant for Nginx. |
This configuration worked fine before.
No longer works properly after recent updates I added |
I don't know how this happened. But when I set 10.0.12.7 to trusted_proxies the problem was solved |
@immtelecom, the |
@EugeneOne1 I don't use Docker. everything is done in one system, no containers. In netstat, nginx does use the 127.0.0.1 address to connect to AGH, but AGH shows that the connection is coming from 10.0.12.7. It's a bit complicated, and I don't know what's causing this I will close this issue, it should not be a problem with AGH |
@EugeneOne1 I also have this problem. In my case Nginx and AdGuard installed at the same machine. AdGuardHome.yaml:
nginx config:
AdGuard Home GUI: Don't understand... |
For some reason my Nginx was using public IP instead of local. So I used |
I finally found out what was causing this problem today
After removing the iptables rule, everything is back to normal, no more packets from 10.0.12.7 to 127.0.0.1 |
i think i am just to lazy
|
Prerequisites
I have checked the Wiki and Discussions and found no answer
I have searched other issues and found no duplicates
I want to report a bug and not ask a question
Operating system type
Linux, Other (please mention the version in the description)
CPU architecture
AMD64
Installation
Custom port
Setup
On one machine
AdGuard Home version
v0.107.29
Description
What did you do?
I set up AdGuard Home with DoH, and I use Nginx to reverse proxy AdGuard Home's DoH
Expected result
The client IP address shown in the query log should be the real IP address of the client
Actual result
All are the IP addresses of my server
Screenshots (if applicable)
Additional information
There was no problem with previous versions, and in recent versions it started to do so. I thought someone would raise this issue
The text was updated successfully, but these errors were encountered: