Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Real IP's not being passed by ssl proxy #431

Closed
jacqueshenning opened this issue Dec 11, 2018 · 3 comments
Closed

Real IP's not being passed by ssl proxy #431

jacqueshenning opened this issue Dec 11, 2018 · 3 comments
Milestone
v0.15.1

Comments

@jacqueshenning
Copy link

jacqueshenning commented Dec 11, 2018
edited

Hi

I have a separate nginx ssl proxy setup infront of API Umbrella.
how do I enable API Umbrella to receive the real IP of the client connecting to the proxy?
I have:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

Also using: (for testing purposes)
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;

set in the ssl proxy config...

But where can I add:
set_real_ip_from 10.0.0.0/8;
real_ip_header X-Real-IP;
real_ip_recursive on;

On the API Umbrella host?

Kind Regards
@jacqueshenning
Copy link
Author

Can anyone assist here?
Surely there must be information on where I can add to the nginx config?
i.e.
/etc/api-umbrella/api-umbrella.yml
nginx:
set_real_ip_from 10.0.0.0/8;
real_ip_header X-Real-IP;
real_ip_recursive on;

Any advise would be appreciated.

@GUI GUI added this to the v0.15.0 milestone Apr 29, 2019
@jacqueshenning
Copy link
Author

jacqueshenning commented Oct 13, 2020
edited

I narrowed it down.
I need to be able to add to Nginx config:
set_real_ip_from YOUR_REVERSE_PROXY_IP_HERE;
real_ip_header X-Forwarded-For;

On a Regular LEMP stack the config would file to edit would be:
sudo nano -w /etc/nginx/nginx.conf

API Umbrella is recording the Proxy IP and not the connecting clients real IP's.

Could one of the dev's please assist with this or point me in the right direction.

@jacqueshenning
Copy link
Author

jacqueshenning commented Oct 14, 2020
edited

Figured it out.

Changed:
sudo nano -w /opt/api-umbrella/embedded/apps/core/current/templates/etc/nginx/realip.conf.mustache

Original config:

{{#router.trusted_proxies}}
set_real_ip_from {{.}};
{{/router.trusted_proxies}}
real_ip_header X-Forwarded-For;
real_ip_recursive on;

Change to:

{{#router.trusted_proxies}}
set_real_ip_from 127.0.01;
set_real_ip_from YOUR_REVERSE_PROXY_IP_HERE;
{{/router.trusted_proxies}}
real_ip_header X-Forwarded-For;

Restart API Umbrella:
sudo /etc/init.d/api-umbrella restart

You can add load balancers, SSL, Reverse Proxies and WAF like this.
just add a new line:
set_real_ip_from YOUR_REVERSE_PROXY_IP_HERE;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.15.1
Development

No branches or pull requests
2 participants
@GUI @jacqueshenning