Snapweb behind ngnx proxy - client IP
MG-Sky opened this issue · comments
Hello I've been trying to fix the information on the web about client real IP behinds the proxy, but app constantly shows NGX NPM IP (one ip), instead of the client's, here is my setup (few versions i have tried):
` location / {
set $upstream http://192.168.xxxx:1780;
proxy_pass $upstream;
# Basic Proxy Config
proxy_set_header Host $host;
proxy_set_header X-Real-IP $server;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
}`
do you know how i can pass Client real IP to the Snapcast behind proxy?
the following nginx config is working for me. it contains ssl transport encryption and a basic auth (which is configured in .htpasswd file).
server {
listen 443 ssl;
#listen [::]:443;
server_name snap.domain.com;
ssl_certificate /etc/letsencrypt/live/snap.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/snap.domain.com/privkey.pem;
ssl_ciphers "XXXXXXXXXXXXXXXXXXXXXXX";
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
proxy_http_version 1.1;
proxy_read_timeout 600s;
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
location /
{
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://192.168.2.10:1780;
}
}