Overriding trusted proxy CIDRs does not work #9723
Comments
On 2024.4.2, I have
Perhaps you could share some of the details of your setup, especially regarding your reverse proxy and how it accesses authentik.
Also, I notice that you have both
Weird, if I don't add client IP not show up right.
I upgraded to 2024.4.2 and removed AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS from the .env file. Thanks for help.
I couldn’t open case #9720, so I had to make a new issue.
Describe the bug
Overriding trusted proxy CIDRs via the configuration flag AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS does not work.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Authentik should configure its trusted proxy CIDR list based on the configured values in AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS.
Same problem: #7712 and #9720
Additional context
Current workaround (described in #6749) is to mount a custom defaults.yaml file with the CIDRs added (which is confirmed to be working).
Last tested version: 2024.4.1
Deployment: docker-compose
--
The format you're using is wrong. Quoting from https://docs.goauthentik.io/docs/installation/configuration#listen-settings
So
AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS=127.0.0.0/8,::1/128
Originally posted by @rissson in #9720 (comment)
I did try .env file:
AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fe80::/10,::1/128,192.168.0.0/24
Result:
trusted_proxy_cidrs:
Or docker-compose.yml
server:
  image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.4.2}
  container_name: authentik_server
  restart: unless-stopped
  command: server
  environment:
    AUTHENTIK_REDIS__HOST: redis
    AUTHENTIK_POSTGRESQL__HOST: postgresql
    AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
    AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
    AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fe80::/10,::1/128,192.168.0.0/24
Result:
trusted_proxy_cidrs:
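An added example, not authentik's code and not part of the original issue: a sketch of what a trusted-proxy CIDR list decides, run over the comma-separated value from the report. It validates each entry, reports entries already covered by a wider one, and honours X-Forwarded-For only when the socket peer is in the list. The function names, peer addresses and header values are assumptions constructed for illustration.

```python
import ipaddress

# Value copied from the report above; peers and headers below are constructed.
PAGE_VALUE = ("127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,"
              "fe80::/10,::1/128,192.168.0.0/24")

def parse_trusted_cidrs(raw):
    """Parse a comma-separated CIDR list; ValueError on any malformed entry."""
    return [ipaddress.ip_network(p.strip(), strict=True)
            for p in raw.split(",") if p.strip()]

def redundant_entries(nets):
    """Pairs (inner, outer) where inner is already covered by outer."""
    return [(a, b) for a in nets for b in nets
            if a != b and a.version == b.version and a.subnet_of(b)]

def is_trusted(addr, nets):
    """True if addr falls inside any configured network of the same family."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in nets)

def client_ip(peer, forwarded_for, nets):
    """Honour X-Forwarded-For only if the socket peer is a trusted proxy."""
    if not forwarded_for or not is_trusted(peer, nets):
        return peer  # a header sent by an untrusted peer cannot be relied on
    hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    try:
        # Walk right to left: the first hop outside the trusted list is the client.
        for hop in reversed(hops):
            if not is_trusted(hop, nets):
                return hop
    except ValueError:
        return peer  # malformed hop: fall back to the socket address
    return hops[0] if hops else peer

if __name__ == "__main__":
    nets = parse_trusted_cidrs(PAGE_VALUE)
    for inner, outer in redundant_entries(nets):
        print(f"{inner} is already covered by {outer}")
    print(client_ip("172.18.0.5", "203.0.113.7", nets))    # proxy on a trusted range
    print(client_ip("198.51.100.9", "203.0.113.7", nets))  # untrusted peer, header ignored
```

If the configured list never takes effect, a proxy outside the default ranges is treated as an ordinary peer and its own address is what gets recorded as the client IP.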