[FEAT] See client IP when used with reverse proxy

[bobbyl140]

Is this a new feature request?

• I have searched the existing issues

Wanted change

I wish for support of X-Forwarded-For header from a reverse proxy.

Reason for change

I use Apache as a proxy for all my various containers and other services, and when loading the speedtest page through the proxy, the IP is listed as “(null)”.

Proposed code change

I don’t really have a change in mind, I’m not entirely sure how IP checks work, but some way to set the IP to the value of X-Forwarded-For if an IP doesn’t already exist.

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[aptalca]

Nginx does support it, however, the nginx in this container does not trust a proxy unless it is told to do so. By default, nginx should display the source ip it directly sees, which should be your apache container. Not sure why it's showing null.

See the realip header here: https://github.com/linuxserver/docker-nextcloud/blob/master/root/defaults/nginx/site-confs/default.conf.sample#L22-L24

Try adding that to the default site conf for this container and see if that works. The range/address needs to cover your proxy as seen by this container

[bobbyl140]

I copied the contents of that conf file into a file on my host, mounted it in the container (to persist it) and added:

set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;

I used 0.0.0.0/0 temporarily because I don't know what the IP would be, my setup is a little complicated, but the librespeed container is only accessible from the proxy anyways due to my firewall.

I restarted the container, but unfortunately it still shows null as the IP. I also tried using a different header name in both my proxy and nginx in the container, and that didn't change things either.

[aptalca]

I copied the contents of that conf file into a file on my host, mounted it in the container (to persist it) and added

You need to edit the existing file in the config folder and restart the container. Randomly mapping in a file won't do anything and might break things.
/config/nginx/site-confs/default.conf

[bobbyl140]

My problem is that by taking down the container and starting it again, any changes I make will be erased. I mapped the file to that specific path so it should behave like normal, which I’ve done to customize other containers’ files in a similar manner.

[j0nnymoe]

Post your compose, any changes you make within the /config should not be erased.

[bobbyl140]

version: '3.7'
services:
  speedtest:
    container_name: speedtest
    image: registry.gitlab.com/linuxserver.io/docker-librespeed/librespeed:latest
    restart: always
    volumes:
      - ./speedtest/database:/database
      - ./speedtest/default.conf:/config/nginx/site-confs/default.conf // This is the new line
    environment:
      MODE: standalone
      TITLE: "Speedtest"
      ENABLE_ID_OBFUSCATION: "true"
      DISTANCE: "mi"
      WEBPORT: 80
    ports:
      - "9065:80"

[bobbyl140]

I ran bash in the (newly created) container and edited the file /config/nginx/site-confs/default.conf. Those lines do show up from the mounted file, but the IP is still null.

[aptalca]

Please follow the readme and set up the container with the arguments listed and only the arguments listed.

The config folder is a required persistent folder for this container

[bobbyl140]

I think I know what happened, when I set this up (months ago) I had copied the config file from a different speedtest container repo I had already edited and forgot to change stuff. I’ll fix and see if that changes things.

[bobbyl140]

I have changed my compose file to the following:

version: '3.7'
services:
  speedtest:
    container_name: speedtest
    image: registry.gitlab.com/linuxserver.io/docker-librespeed/librespeed:latest
    restart: always
    volumes:
      - ./speedtest/config:/config
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - PASSWORD=[Redacted]
    ports:
      - "9065:80"

Then I edited the file on my host. The problem is still occurring.
The reason I used a different path for the container than in the readme, is because the one mentioned which I had used before today contained Apache instead of nginx.

[aptalca]

My bad, I thought you meant you were using Apache to reverse proxy.

I just did some local tests.

Created a fresh librespeed container and reverse proxied with SWAG: https://github.com/linuxserver/reverse-proxy-confs/blob/master/librespeed.subdomain.conf.sample

As I suspected, nginx access log in librespeed is displaying the source IPs as the SWAG IP (without the real IP header set).

However, Librespeed gui displays the actual source IP passed in via headers by SWAG.

I accessed both locally and over WAN and Librespeed displayed the correct LAN IP and public IP respectively.

This is likely an issue with your reverse proxy settings.

[bobbyl140]

I have Apache as my public-facing proxy, yes, but nginx inside the container as it comes. I’m sorry to make this so confusing. I have set the X-Forwarded-For header on Apache, and it works on other containers (an example of which is the audit logs in Bookstack).

[bobbyl140]

@aptalca any ideas? Like I mentioned, my Apache reverse proxy works fine with the other containers I run, so I know the X-Forwarded-For header is working.

[aptalca]

No, I never used apache and it's not something we support.

We add a lot of headers in SWAG not just the x-forwarded-for

You may want to ask the upstream dev as librespeed does its own thing when determining the source IP. It doesn't show the same thing as the nginx instance serving it does.

[bobbyl140]

Ah okay. Thank you, sorry to bother you.