Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Snapweb behind ngnx proxy - client IP #54

Open
MG-Sky opened this issue Oct 31, 2023 · 1 comment
Open

Snapweb behind ngnx proxy - client IP #54

MG-Sky opened this issue Oct 31, 2023 · 1 comment

Comments

@MG-Sky
Copy link

MG-Sky commented Oct 31, 2023

Hello I've been trying to fix the information on the web about client real IP behinds the proxy, but app constantly shows NGX NPM IP (one ip), instead of the client's, here is my setup (few versions i have tried):

` location / {
set $upstream http://192.168.xxxx:1780;
proxy_pass $upstream;

   # Basic Proxy Config
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $server;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-Uri $request_uri;
    proxy_set_header X-Forwarded-Ssl on;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   proxy_redirect  http://  $scheme://;
    proxy_http_version 1.1;
    proxy_set_header Connection "";


}`

do you know how i can pass Client real IP to the Snapcast behind proxy?
@bendschs
Copy link

bendschs commented Mar 7, 2024
edited

the following nginx config is working for me. it contains ssl transport encryption and a basic auth (which is configured in .htpasswd file).

server {
  listen 443 ssl;
  #listen [::]:443;
  server_name snap.domain.com;

  ssl_certificate /etc/letsencrypt/live/snap.domain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/snap.domain.com/privkey.pem;
  ssl_ciphers "XXXXXXXXXXXXXXXXXXXXXXX";
  ssl_prefer_server_ciphers on;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_session_timeout 1d;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
  proxy_http_version 1.1;
  proxy_read_timeout 600s;
  proxy_set_header HOST $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Port $server_port;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";

 location /
{
   auth_basic "Username and Password Required";
   auth_basic_user_file  /etc/nginx/.htpasswd;
    proxy_pass http://192.168.2.10:1780;
    }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bendschs @MG-Sky