Internal Proxy IP being logged instead of remote WAN IP when behind proxy #2535
Comments
I managed to work around this issue by copying proxy.conf to the host and modifying and adding 1 line per below. Then I mapped proxy.conf in the docker-compose.yml.
Now nginx inside the image is logging with WAN IP - 121.x.x.x. In identity.log and entering incorrect credentials, WAN IP is now being logged correctly.
I am by no means an expert so for now this will get me by. Perhaps there is an environment variable which can be added to specify the IP/IPs. EDIT: Closing this. There is indeed an environment variable which I wasn’t aware of in the first place.
Steps To Reproduce
Similar issues to this have been logged historically, and real ip from config.yml needed to be updated with the IP address of the proxy host. I couldn’t find where this needs to be set in the Unified deployment.
Expected Result
IP logged should be WAN IP
Actual Result
IP logged is the internal IP of the Proxy host.
The proxy in front of Bitwarden unified is logging the real WAN IP via client [121.x.x.x]. I can see so in the access log.
The internal nginx proxy in the Docker Bitwarden unified image logs the remote IP incorrectly as the fronted proxy host server internal IP in /var/log/nginx/access.log. [10.0.0.24]
10.0.0.24 - - [04/Jan/2023:15:14:14 +1100] "POST /identity/accounts/prelogin HTTP/1.1" 200 58 "https://mybitwardenserver.tld/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Mobile/15E148 Safari/604.1" "121.x.x.x, 121.x.x.x"
Nginx.conf logs per this
Also WAN IP is not logged correctly in /var/log/bitwarden/identity.log, which is logging the host IP of the internal fronted proxy server which Bitwarden sits behind, and it seems this IP is being used when sending new device login emails.
Failed login attempt, 2FA invalid. 10.0.0.24
Screenshots or Videos
Additional Context
Nginx proxy manager advanced config of the fronted proxy server which bitwarden sits behind:
Githash Version
455d62e-dirty
Environment Details
Database Image
postgres:14
Issue-Link
#2480
Issue Tracking Info
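An added example, not part of the original issue or of Bitwarden's code: a sketch of how a client address is chosen from `X-Forwarded-For` when only a known proxy is trusted, modelled on the right-to-left rule of nginx's realip module with `real_ip_recursive on`. It assumes 10.0.0.24 (the fronting proxy in the issue) is the only trusted hop; the function names are hypothetical and the log lines are constructed, with documentation addresses standing in for the redacted 121.x.x.x.

```python
import ipaddress
import re

# Assumption: the fronting proxy from the issue (10.0.0.24) is the only trusted hop.
TRUSTED = [ipaddress.ip_network("10.0.0.24/32")]

# nginx combined format with a trailing quoted X-Forwarded-For field, as in the issue's log line.
LOG_RE = re.compile(
    r'^(?P<remote>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \d+ "[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)

def is_trusted(addr, trusted):
    return any(addr in net for net in trusted)

def resolve_client_ip(remote_addr, xff, trusted=TRUSTED):
    """Return the address that should be recorded as the client."""
    peer = ipaddress.ip_address(remote_addr)
    if not is_trusted(peer, trusted):
        return str(peer)  # untrusted peer: ignore whatever header it sent
    candidate = peer
    # Walk the header right to left and stop at the first hop that is not ours.
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            candidate = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address that validated
        if not is_trusted(candidate, trusted):
            break
    return str(candidate)

def client_from_log_line(line, trusted=TRUSTED):
    m = LOG_RE.match(line)
    if m is None:
        raise ValueError("unrecognised log line")
    return resolve_client_ip(m["remote"], m["xff"], trusted)

# Constructed sample lines (documentation addresses stand in for the redacted 121.x.x.x).
TAIL = ' - - [04/Jan/2023:15:14:14 +1100] "POST /identity/accounts/prelogin HTTP/1.1" 200 58 "-" "UA" '
VIA_PROXY = '10.0.0.24' + TAIL + '"203.0.113.7, 203.0.113.7"'
CLIENT_PREPENDED = '10.0.0.24' + TAIL + '"192.0.2.66, 203.0.113.7"'   # client supplied its own first entry
DIRECT_WITH_HEADER = '198.51.100.9' + TAIL + '"127.0.0.1"'            # peer is not the proxy

if __name__ == "__main__":
    for line in (VIA_PROXY, CLIENT_PREPENDED, DIRECT_WITH_HEADER):
        print(client_from_log_line(line))
```

With `trusted=[]` the function returns 10.0.0.24 for every proxied request, which is the symptom reported in this issue.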