[SOLVED] X-Real-IP in Log

[Freemind]

Hi,

we use nginx reverse proxy before proxmox, now in the daemon log there is always 127.0.0.1(localhost) as user. I need the real ip there for fail2ban to work properly. Have looked in the Code but couldnt manage to fix it on my own, it needs to look for the "X-Real-IP" in the header and use this IP as the client ip. Could someone please help me integrate this? I tracked it down to /usr/share/perl5/PVE/HTTPServer.pm Line #1234:

$auth = PVE::REST::auth_handler($self->{rpcenv}, $reqstate->{peer_host}, $method,
$rel_uri, $ticket, $token);

The "$reqstate->{peer_host}" is used as client-ip, which variable do I need to insert there to get the X-Real-IP?

thanks alot beforehand for any help!

kind regards,
freemind

 

[dietmar]

I guess you should run fail2ban on the nginx logs instead.

 

[Freemind]

but how would nginx know if the login was successful or failed?

 

[dietmar]

but how would nginx know if the login was successful or failed?

don't know - sorry.

 

[Freemind]

so thats no solution, how to access the X-Real-IP in HTTPServer.pm? That would be a solution

 

[Freemind]

if ($r->header('X-Forwarded-For')) {
$reqstate->{peer_host} = $r->header('X-Forwarded-For');
}

before the auth_handler request did it.

 

[Parameter1682]

For anyone coming across this thread in the future, I also ran into the same issue, but it doesn't seem to be solvable in this configuration. I've detailed my findings in this proxmox forum thread.