News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

2.1.2 Reverse Proxy not working

Started by KungFuJoe, June 15, 2022, 01:09:43 PM

Previous topic - Next topic

KungFuJoe

I have SMF running in an nginx container behind an nginx reverse proxy. I have the proxy forwarding both x_real_ip and x_forwarded_for with the correct "real" IP, as verified by PHPInfo. However, no matter what settings I put in the Reverse Proxy area, all member IPs show as the internal/proxy IP. I've tried both x_real_ip and x_forwarded_for as well as auto detect. For the proxy server, I've tried putting in the internal IP that is showing from the proxy as well as leaving it blank.

However, if I manually put this line in index.php, and remove all proxy settings, member IP addresses show up correctly.

 $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];

Any ideas what might be going on here?


MrPython

Please show your reverse proxy configurations.
I have a similar problem, everything is fine with http, but problems start with https.
Java scripts do not work correctly with xhtps. Login shows error, registration fails.
The attempt will log in at index.php?action=login, reports that the session has expired.
But I use HTTPS only for reverse proxy, since traffic needs to be protected only on the external network, HTTPS is not needed on the internal network.

HTTPS
upstream target1 {
    server 10.8.0.1:81;
}
server {
       listen         80;
       server_name    site.com;
       return         301 https://site.com$request_uri;
}

server {
        listen 443 ssl;
        server_name site.com;

location / {
    proxy_pass http://target1;
    proxy_cache all;
    proxy_cache_valid any 1h;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
}

    ssl_certificate /path/to/fullchain.pem; # managed by Certbot
    ssl_certificate_key /path/to/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}



Simple reverse proxy. Everything works well.

upstream target1 {
    server 10.8.0.1:81;
}

server {
        listen 80;
        server_name site.com;

location / {
    proxy_pass http://target1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
}

}

Arantor

So what did you set up for the settings in SMF?

Off the top of my head: Board URL should begin with https, cookies should be set to secure, force SSL should be off.

You can also pass X-Forwarded-Proto as https to indicate that you are proxying on behalf of HTTPS but I don't *think* 2.1 expressly uses it (just good to indicate that you are)

MrPython

#3
The board can't work on the HTTPS network, that's the only way. For me.
I found a solution: https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-with-ssl-as-a-reverse-proxy-for-jenkins


server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {

    listen 443;
    server_name site.com;

    access_log            /var/log/nginx/access.log;

    location / {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      proxy_pass          http://target1;
      proxy_read_timeout  90;

      proxy_redirect      http://site.com https://site.com;
    }
   
    ...
}

Advertisement: