Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
[REQUEST] Extend m_websocket to allow for real host header usage when used with a NGINX transparent proxy. #1406
Would it be possible to extend the m_websocket module for InspIRCd 3.x to allow the use of real host headers sent from an upstream (frontend) NGINX proxy server?
Currently, when using NGINX as a (transparent) proxy for web-based websocket clients, the proxy IP is being associated to the connecting user, not the real user IP address.
Suggest making either use of either the 'X-Real-IP' or 'X-Forwarded-Host' headers that NGINX can send downstream as part of the connection information.
NGINX allows you to send them as such (within the relative 'location' definition):
The main reason for wanting to use NGINX is to allow the use of port 80 and/or port 443 (with the same SSL certificate and domain as the website).
This should go along with a setting to restrict from which IPs such a header is accepted, to prevent spoofing, and also a way to tell which header to actually look for rather than hard coding a list.
See also the following link and all the config options provided by this module to get an idea:
Also, you probably meant