Specifying a hostname (not IP) for trusted_proxies

da3 · January 22, 2017, 5:25pm

Hi, I have OC running inside a Docker container alongside a separate container hosting an nginx-based SSL reverse proxy. I want to be able to see the real IP of requests in the OC log file so I can feed it to Fail2Ban. If I specifiy the IP of the nginx container then this all works fine. The problem is that that this IP is transient; if I reboot then this container could get a different IP assigned. If I use the container's hostname in trusted_proxies instead of it's IP then the requester's real IP does not get represented in the logs - all requests appear to originate from the proxy.

Does anyone have any possible solutions for this scenario where the proxy's hostname is known but the IP is not?

Thanks,
Andy

scheppi2610 · January 24, 2017, 9:31am

my transparent haproxy has an option "forward-for"... This feed the http variable "x-forwarded-for".
It would be nice if owncloud could be configured that it shows this variable instead of the "REMOTE_ADDR" or "HTTP_CLIENT_IP"...

anon81984126 · January 24, 2017, 1:12pm

Hi,

it might worth to have a look in a documentation where various configuration options for a reverse proxy exists:

https://doc.owncloud.org/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html