Need clarification on trusted hops

[nabheet]

I am not sure I understand trusted hops here: https://github.com/pgjones/hypercorn/blob/main/src/hypercorn/middleware/proxy_fix.py#L77

If I just have one nginx reverse proxy in front of my web server cluster, is this value 1 or 2. I am using Cloud Run which is putting two IPs in the x-forwarded-for http header. Since it is picking the last value, that is not the client. So I guess in my case, I need to use trusted_hops = 2.

Also, how do I get it to log the client IP? as the remote ip using the %(h)s format string still gives me the reverse proxy IP and not the real client IP.

[pgjones]

Hopefully d264794 makes this clearer. In your case it should like two proxies set the header before Hypercorn, so the value should be trusted_hops = 2.

Also, how do I get it to log the client IP? as the remote ip using the %(h)s format string still gives me the reverse proxy IP and not the real client IP.

Hypercorn logs before the middleware makes the proxy fix changes (middleware is for the ASGI app). %({x-forwarded-for})i gives the full header.