trusted proxies and real ip

[norkunas]

currently in compose.yaml there is:

TRUSTED_PROXIES: ${TRUSTED_PROXIES:-127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16}
TRUSTED_HOSTS: ^${SERVER_NAME:-example\.com|localhost}|php$$

ok so spin up for the localhost, my container has this:

docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' www-php-1
172.21.0.1

but for some reason in Symfony $request->getClientIps() returns the container ip. what more configuration is needed?

[dunglas]

We may need to adapt the config to use the new trusted_proxies directive introduced by Caddy: https://caddyserver.com/docs/caddyfile/options#trusted-proxies

[094ikis09]

It may help you to add the following lines to the file along the config/packages/framework.yaml path:

framework:
    #...any conf
    trusted_headers: [ 'x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix' ]
    trusted_proxies: '127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16'
    #...any conf

[norkunas]

@094ikis09 thanks, tried this on the dev env, but it still returns the docker ip, so I guess I'll have to try caddy trusted_proxies directive.
for the prod env, it works when I list cloudflare ips in trusted proxies, so I get real ip without configuring caddy