Logging external ip behind reverse proxy

mpAB · August 4, 2016, 7:09am

I have a instance of ownCloud 9.1.0 (stable), and I’m trying to set up fail2ban. The problem is that the owncloud log has my reverse proxy ip not the external ip. I’m using a NGINX reverse proxy which has “proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;” set in the the config. I have also added " ‘forwarded_for_headers’ => array(‘HTTP_X_FORWARDED’, ‘HTTP_FORWARDED_FOR’)," in config.php. Any help would be greatly appreciaated.

anon30676603 · August 4, 2016, 7:34am

Hi,

have a look at this comment for some pointers:

github.com/owncloud/core

Wrong HTTP_X_FORWARDED example in config.sample.php?

opened 08:05PM - 18 Oct 15 UTC

closed 02:01PM - 29 Oct 15 UTC

ghost

enhancement

Hi, both 8.1.x and 8.2 contains the following line: `'forwarded_for_headers' =…> array('HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'),` at: https://github.com/owncloud/core/blob/v8.1.3/config/config.sample.php#L1022 https://github.com/owncloud/core/blob/v8.2RC3/config/config.sample.php#L1107 A user reported at the forums (https://forum.owncloud.org/viewtopic.php?f=31&t=30951) that he had to use: `'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED_FOR'),` instead to get the correct IP logged for fail2ban. I don't know whats the difference is or if the missing `_FOR` is just a typo? cc @LukasReschke

mpAB · August 6, 2016, 8:45am

Thanks for the help, I had come across that post before but obviously didn’t read it close enough. For those who may find this post this is what I implemented.

In NGINX

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

In owncloud config.php

'trusted_proxies' => array ('IP of proxy'),
  'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED_FOR'),