Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[REQUEST] Extend m_websocket to allow for real host header usage when used with a NGINX transparent proxy. #1406

Closed
WesleyChannon opened this issue Oct 13, 2017 · 3 comments
Labels

Comments

@WesleyChannon
Copy link

@WesleyChannon WesleyChannon commented Oct 13, 2017

Would it be possible to extend the m_websocket module for InspIRCd 3.x to allow the use of real host headers sent from an upstream (frontend) NGINX proxy server?

Currently, when using NGINX as a (transparent) proxy for web-based websocket clients, the proxy IP is being associated to the connecting user, not the real user IP address.

Suggest making either use of either the 'X-Real-IP' or 'X-Forwarded-Host' headers that NGINX can send downstream as part of the connection information.

NGINX allows you to send them as such (within the relative 'location' definition):

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;

The main reason for wanting to use NGINX is to allow the use of port 80 and/or port 443 (with the same SSL certificate and domain as the website).

@SaberUK SaberUK added this to the v3.0 milestone Oct 13, 2017
@Robby-

This comment has been minimized.

Copy link
Contributor

@Robby- Robby- commented Oct 15, 2017

This should go along with a setting to restrict from which IPs such a header is accepted, to prevent spoofing, and also a way to tell which header to actually look for rather than hard coding a list.

See also the following link and all the config options provided by this module to get an idea:
https://nginx.org/en/docs/http/ngx_http_realip_module.html

Also, you probably meant X-Forwarded-For instead of X-Forwarded-Host.

@SaberUK SaberUK removed this from the v3.0 milestone Oct 15, 2018
@SaberUK SaberUK removed the minor label Sep 15, 2019
@LunaSquee

This comment has been minimized.

Copy link

@LunaSquee LunaSquee commented Nov 28, 2019

+1 for this

@SaberUK

This comment has been minimized.

Copy link
Member

@SaberUK SaberUK commented Nov 28, 2019

This should be implemented in bb1f892 and afb5972.

@SaberUK SaberUK closed this Nov 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.