Proxmox VE behind reverse proxy (Real-IP)

garnoux

New Member
Apr 7, 2023
15
0
1
Hi,
I access my PVE behind a reverse proxy. here is the conf
NGINX:
server {
  listen 80;
  server_name myfqdn;
  set $primary_domain myfqdn;
  if ($host != $primary_domain) {
    rewrite ^ $scheme://$primary_domain permanent;
  }
  location / {
    return 301 https://$server_name$request_uri;
  }
}

server {
  listen 443 ssl;
  ssl_certificate /etc/nginx/ssl/fullchain.pem;
  ssl_certificate_key /etc/nginx/ssl/privkey.pem;
  server_name myfqdn;
  set $primary_domain myfqdn;
  if ($host != $primary_domain) {
    rewrite ^ $scheme://$primary_domain permanent;
  }
  proxy_redirect off;
  location / {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_buffering off;
    client_max_body_size 0;
    proxy_connect_timeout  3600s;
    proxy_read_timeout  3600s;
    proxy_send_timeout  3600s;
    send_timeout  3600s;
    proxy_pass https://internalIP:8006/;
  }
}

When someone authenticates, the event is reported with the internal natted ip of the reverse proxy. How to change it to let reveal the real IP.

In the logs of the reverse proxy, this is the real IP that is showed.

Thank's
 
Hello,

You maybe have to add the `X-Real-IP` in the Nginx config, .e.g.:

Code:
proxy_set_header X-Real-IP $remote_addr;
 
I've already tried it. Without success...

May 24 12:50:04 pve-kimsufi pvedaemon[132244]: authentication failure; rhost=::ffff:10.50.0.254 user=garnoux@pam msg=no such user ('garnoux@pam')
 
Please note that this is not Proxmox issue. However, did you restart the nginx and pveproxy after you edit the Nginx config?
 
yes sure. but in nginx, i can modify log to write real ip or natted ip. maybe in the pve daemon i can too ?
I think real ip is set in request but the daemon display an other ip
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!