Proxmox VE behind reverse proxy (Real-IP)

[garnoux]

Hi,
I access my PVE behind a reverse proxy. here is the conf

server {
  listen 80;
  server_name myfqdn;
  set $primary_domain myfqdn;
  if ($host != $primary_domain) {
    rewrite ^ $scheme://$primary_domain permanent;
  }
  location / {
    return 301 https://$server_name$request_uri;
  }
}

server {
  listen 443 ssl;
  ssl_certificate /etc/nginx/ssl/fullchain.pem;
  ssl_certificate_key /etc/nginx/ssl/privkey.pem;
  server_name myfqdn;
  set $primary_domain myfqdn;
  if ($host != $primary_domain) {
    rewrite ^ $scheme://$primary_domain permanent;
  }
  proxy_redirect off;
  location / {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_buffering off;
    client_max_body_size 0;
    proxy_connect_timeout  3600s;
    proxy_read_timeout  3600s;
    proxy_send_timeout  3600s;
    send_timeout  3600s;
    proxy_pass https://internalIP:8006/;
  }
}

When someone authenticates, the event is reported with the internal natted ip of the reverse proxy. How to change it to let reveal the real IP.

In the logs of the reverse proxy, this is the real IP that is showed.

Thank's

 

[Moayad]

Hello,

You maybe have to add the `X-Real-IP` in the Nginx config, .e.g.:

proxy_set_header X-Real-IP $remote_addr;

 

[garnoux]

I've already tried it. Without success...

May 24 12:50:04 pve-kimsufi pvedaemon[132244]: authentication failure; rhost=::ffff:10.50.0.254 user=garnoux@pam msg=no such user ('garnoux@pam')

 

[Moayad]

Please note that this is not Proxmox issue. However, did you restart the nginx and pveproxy after you edit the Nginx config?

 

[garnoux]

yes sure. but in nginx, i can modify log to write real ip or natted ip. maybe in the pve daemon i can too ?
I think real ip is set in request but the daemon display an other ip