Have you added the proxy to TRUSTED_PROXIES in the Config File (include/ost-config.php)?
Cheers.
Yes, line reads exactly:
define('TRUSTED_PROXIES', '192.168.0.0/24');
The IP address of HAProxy is currently 192.168.0.13 so this should match, right?
Thanks!
Set it to the actual IP address instead of an IP range, restart Apache, and retest.
Cheers.
Set to:
define('TRUSTED_PROXIES', '192.168.0.13');
Same result. I am checking from apache2 access logs, not sure if that matters.
Do you have the X-Forwarded-For header set? If not, this is the issue. We use get_client_ip which attempts to grab the IP from the aforementioned header. If not it defaults to the request IP which is HAProxy’s IP in your case.
Cheers.
In HAProxy frontend I have option forwardfor which should add this header. I don't think I need to add this also to backend, but I had moved the option around to see if that was the issue, it doesn't seem to make a difference. Other applications behind this proxy do have client IPs though, just not this instance of osTicket.
Does Apache2 typically need to be configured to allow this? I did try loading mod_remoteip but unless configuration is required that didn't seem to help either.
Look at the request in the browser and see if it has the X-Forwarded-For header set and ensure it’s set to the correct IP.
Cheers.
Both the proxy and the webserver are in containers so I'll need to find a way to get tcpdump in between. I'll get back to you when I can get you that information.
Thanks for your help so far.
I do have X-Forwarded-For with my client IP address listed in the GET coming from the proxy (192.168.0.13) to the webserver (192.168.0.14).
X-Forwarded-Proto: https\r\n
X-Forwarded-Port: 443\r\n
X-Forwarded-For: 10.18.1.45\n\n
Let me ask you this (should’ve asked at the beginning) where exactly is the IP showing incorrectly?
Cheers.
Well, previously under scp/logs.php but it looks like this is working now...
I did set the TRUSTED_PROXIES back to CIDR range and it's still working as expected. Not sure where the kink was worked out but I appreciate your help.
Dude awesome! I have no idea why or what either. Maybe there was some weird caching going on or something and eventually expired? Who knows. I’m glad it’s working correctly now!
Cheers.
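
Added example, not part of the thread and not osTicket's own code: a sketch of the trusted-proxy rule discussed above, where X-Forwarded-For is honored only when the directly connected peer matches the trusted list, and the request IP is used otherwise. The function names are hypothetical, the comma-separated list format is an assumption, it handles IPv4 only, and the sample cases are constructed from the addresses quoted in the thread.

```php
<?php
// Added illustration; not osTicket's get_client_ip. Function names are hypothetical.
// IPv4 only. Assumes the trusted list is a comma-separated string of IPs or CIDR ranges.

// True when $ip equals $entry (single address) or falls inside it (CIDR range).
function ip_in_entry(string $ip, string $entry): bool {
    $parts = explode('/', $entry, 2);
    $addr = ip2long($ip);
    $net = ip2long($parts[0]);
    if ($addr === false || $net === false) return false;
    $bits = 32;
    if (isset($parts[1])) {
        if (!ctype_digit($parts[1]) || (int)$parts[1] > 32) return false; // reject bad prefix
        $bits = (int)$parts[1];
    }
    $mask = -1 << (32 - $bits);
    return ($addr & $mask) === ($net & $mask);
}

function is_trusted(string $ip, array $entries): bool {
    foreach ($entries as $entry) {
        if (ip_in_entry($ip, $entry)) return true;
    }
    return false;
}

// Returns the address to log: the forwarded client only when a trusted proxy relayed it.
function resolve_client_ip(string $remoteAddr, ?string $xff, string $trusted): string {
    $entries = array_filter(array_map('trim', explode(',', $trusted)));
    // An untrusted peer can put anything in the header, so ignore it.
    if ($xff === null || !is_trusted($remoteAddr, $entries)) return $remoteAddr;
    // Walk hops from the nearest (rightmost) to the farthest, skipping trusted proxies.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) break; // malformed hop
        if (!is_trusted($hop, $entries)) return $hop;
    }
    return $remoteAddr;
}

// Constructed cases built from the addresses quoted in the thread.
$cases = [
    ['192.168.0.13', '10.18.1.45', '192.168.0.0/24'], // proxy matched by CIDR range
    ['192.168.0.13', '10.18.1.45', '192.168.0.13'],   // proxy matched by single IP
    ['192.168.0.13', '10.18.1.45', ''],               // proxy not listed
    ['203.0.113.9', '10.18.1.45', '192.168.0.0/24'],  // header from an unlisted peer
];
foreach ($cases as [$peer, $xff, $trusted]) {
    printf("peer=%s trusted=[%s] -> %s\n", $peer, $trusted, resolve_client_ip($peer, $xff, $trusted));
}
```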