Bosh - headers not showing client IP, only local host

I’m trying to set headers containing the connecting client’s IP address, but pcap is showing both X-Forwarded-For & X-Real-IP as 127.0.0.1.

Does anyone have experience with this in the Jitsi environment? This should be working for a typical nginx proxy.

/etc/nginx/sites-enabled/my.domain.conf :

    # BOSH
    location = /http-bind {
       proxy_set_header Host $http_host;
       proxy_set_header X-Forwarded-Proto https;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_pass http://localhost:5280/http-bind;
    }

Please check your nginx config: I guess the file /etc/nginx/sites-enabled/my.domain.conf does not actually listen on port 443? Instead, there is another nginx config listening to the TCP stream on 443 that uses ALPN multiplexing to route the traffic either to upstream web or upstream turn?

If that’s the case you can try to add

    proxy_bind $remote_addr transparent;

to the server {} block. However, as I understand the documentation, it is not guaranteed to work without further configuration of your networking stack, see https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_bind and https://stackoverflow.com/questions/40873393/nginx-real-client-ip-to-tcp-stream-backend

As far as I understand the problem is that the module “ngx_stream_realip_module” is not compiled in Nginx by default.
So you will have to manually compile Nginx to get this module activated.
http://nginx.org/en/docs/stream/ngx_stream_realip_module.html

My 2 cents.

Thanks for the replies. Found a working method here.

After that, the original bosh location needs to have $remote_addr replaced with $proxy_protocol_addr

    # BOSH
    location = /http-bind {
       proxy_set_header Host $http_host;
       proxy_set_header X-Forwarded-For $proxy_protocol_addr;
       proxy_pass http://localhost:5280/http-bind;

    }
3 Likes
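A minimal sketch of the PROXY protocol arrangement that makes `$proxy_protocol_addr` available, added here as an example and not taken from the posters' or Jitsi's own configuration. The internal port 4444, the upstream name `web` and the certificate paths are assumptions or placeholders; only the `/http-bind` location comes from the thread.

```nginx
# Added example. Port 4444, upstream "web" and the certificate paths
# are assumptions/placeholders, not values from the thread.

stream {
    upstream web {
        server 127.0.0.1:4444;
    }

    server {
        listen 443;
        proxy_pass web;
        # Prepend a PROXY protocol header carrying the real client
        # address to each connection sent to the upstream. Every
        # upstream reached through this server block must be able to
        # parse that header, otherwise its connections will fail.
        proxy_protocol on;
    }
}

http {
    server {
        # Bind to loopback only: whoever can reach a proxy_protocol
        # listener can claim any source address in the header, so it
        # must not be reachable by clients directly.
        listen 127.0.0.1:4444 ssl proxy_protocol;
        server_name my.domain;

        ssl_certificate     /path/to/fullchain.pem;  # placeholder
        ssl_certificate_key /path/to/privkey.pem;    # placeholder

        # BOSH
        location = /http-bind {
            proxy_set_header Host $http_host;
            # $remote_addr is 127.0.0.1 here (the stream proxy);
            # $proxy_protocol_addr is the address from the header.
            # Setting the header outright, rather than appending with
            # $proxy_add_x_forwarded_for, discards any client-sent
            # X-Forwarded-For value.
            proxy_set_header X-Forwarded-For $proxy_protocol_addr;
            proxy_pass http://localhost:5280/http-bind;
        }
    }
}
```

Running `nginx -t` after the change catches a mismatch in syntax; a listener that expects the PROXY header but receives plain TLS (or the reverse) shows up as failed handshakes in the error log.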

You are the man!
Thank you.