Support for reverse proxies in audit log #2964

Closed
Cave-Johnson opened this issue Oct 10, 2021 · 7 comments

@Cave-Johnson

Is there a way to use X-Forwarded-For headers in the audit log for IP addresses?

My BookStack instance is behind an nginx reverse proxy that handles SSL/TLS; in the audit log it shows up as the proxy IP address rather than the actual client's IP address.

@Cave-Johnson
Author

This is probably similar to #2762; however, I am seeing this in the audit log.

@ssddanbrown
Member

Hi @Cave-Johnson,
Can you try setting the APP_PROXIES option and let me know if that works for you?:

```
# Trusted Proxies
# Used to indicate trust of systems that proxy to the application so
# certain header values (Such as "X-Forwarded-For") can be used from the
# incoming proxy request to provide origin detail.
# Set to an IP address, or multiple comma separated IP addresses.
# Can alternatively be set to "*" to trust all proxy addresses.
APP_PROXIES=null
```

Will require the X-Forwarded-For to be provided as part of the reverse proxy setup.

@Cave-Johnson
Author

Apologies, I completely missed that! Set up my instance a while ago so hadn't seen the new env options.

That has solved the issue, although I now have a separate odd issue: it now shows up the source IP as a Cloudflare IP (my instance is also behind Cloudflare).

It looks like Cloudflare use a different header, the True-Client-IP header. https://support.cloudflare.com/hc/en-us/articles/206776727-Understanding-the-True-Client-IP-Header

Is there anything that I can do to get this to show the true origin IP?

@ssddanbrown
Member

@Cave-Johnson I have not tried this, but could you map the Cloudflare header across to the expected header on the nginx proxy side? Via a rule such as:

```
proxy_set_header X-Forwarded-For $http_true_client_ip;
```

@Cave-Johnson
Author

Had to use `proxy_set_header X-Forwarded-For $http_CF_Connecting_IP;` as `$http_true_client_ip` is for enterprise accounts only.

All working now, thanks for the help!

@Sazzels

Sazzels commented Apr 8, 2024

Info

docker-compose.yml

```
image: "linuxserver/bookstack:24.02.2"

networks:
  - proxy
```

proxy network

```
# NPM proxy network IP
"<ID>": {
    "Name": "proxy",
    "EndpointID": "<ID>",
    "MacAddress": "<MAC>",
    "IPv4Address": "172.25.0.4/16",
    "IPv6Address": ""
},
```

I know this is an old topic but I could not get this running with Nginx Proxy Manager.

BookStack and NPM share a network proxy and in NPM I forward to http://bookstack:80.

Logs

```
172.25.0.4 - - [08/Apr/2024:19:07:49 +0000] "GET / HTTP/1.1" 200 10216 "<reverseProxyFQDN>"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0"
```

Tried:

```
APP_PROXIES=*
APP_PROXIES=172.25.0.4
APP_PROXIES=<PROXY_IP>
```

@Cave-Johnson @ssddanbrown should I open a new issue?

@ssddanbrown
Member

@Sazzels Yes, and in that issue please detail where you're setting those environment variables and any actions performed after setting them before re-testing.
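
The two symptoms in this thread (the proxy address logged, then a Cloudflare address logged) are what a right-to-left walk of X-Forwarded-For against a trusted-proxy list produces. The sketch below is an added example, not BookStack's code and not written by any participant; the resolution model, the function names, the CDN range and every sample address except 172.25.0.4 are assumptions constructed for illustration.

```python
import ipaddress

def parse_nets(spec):
    """Parse a comma separated list of IPs/CIDRs into network objects."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in spec.split(",") if p.strip()]

def is_trusted(ip, nets):
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return any(addr in net for net in nets)

def resolve_client_ip(peer_ip, xff, trusted):
    """Return the address to log for a request.

    peer_ip is the application's TCP peer, xff the raw X-Forwarded-For
    value (or None). The header is ignored unless the peer is trusted;
    otherwise the chain is walked right to left to the first untrusted hop.
    """
    if not xff or not is_trusted(peer_ip, trusted):
        return peer_ip
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not is_trusted(hop, trusted):
                return hop
        except ValueError:
            return peer_ip  # malformed entry: fall back to the real peer
    return hops[0] if hops else peer_ip  # every hop trusted

def header_for_backend(peer_ip, cdn_client_header, cdn_nets):
    """X-Forwarded-For value the inner proxy should send to the application.

    The CDN's client-IP header is used only when the connection really
    came from a CDN address; any other peer is forwarded as itself.
    """
    if cdn_client_header and is_trusted(peer_ip, cdn_nets):
        return cdn_client_header
    return peer_ip

# Constructed sample data; only 172.25.0.4 appears in the thread.
CLIENT, CDN_EDGE, PROXY = "203.0.113.7", "198.51.100.20", "172.25.0.4"
CDN_NETS = parse_nets("198.51.100.0/24")  # placeholder, not real CDN ranges
CHAIN = f"{CLIENT}, {CDN_EDGE}"           # header as seen after both proxies

if __name__ == "__main__":
    print(resolve_client_ip(PROXY, CHAIN, parse_nets("")))     # proxy logged
    print(resolve_client_ip(PROXY, CHAIN, parse_nets(PROXY)))  # CDN edge logged
    print(resolve_client_ip(PROXY, CHAIN, parse_nets(PROXY) + CDN_NETS))
    print(header_for_backend("192.0.2.99", "10.1.1.1", CDN_NETS))
```

When every address is trusted, the walk never reaches an untrusted hop and the logged value is whatever the left-most header entry says, so the audit log is only as reliable as the narrowest trust list that still covers the real proxies.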
