We are using a smartfox websockets application behind a nginx websockets proxy, which leads to all client requests coming from the IP of the proxy server, not the real client IP. nginx is setting X-Forwarded-For and X-Real-IP headers, which is working fine for most backend stacks e.g. rails but is not honoured by the smartfox server.
Is there a way to identify the real IP of the client in SFS2X 2.12?
Client IP for websockets behind a nginx proxy
Re: Client IP for websockets behind a nginx proxy
Hi,
I am not familiar with the inner workings of nginx but this doesn't sound like an SFS issue.
The client connection is going through a proxy and therefore it is expected that the server will see all clients coming from the same source. As to how this can be changed I don't know but it's definitely a task for the proxy server.
Maybe it's an issue with websockets in nginx?
I am not familiar with the inner workings of nginx but this doesn't sound like an SFS issue.
The client connection is going through a proxy and therefore it is expected that the server will see all clients coming from the same source. As to how this can be changed I don't know but it's definitely a task for the proxy server.
Maybe it's an issue with websockets in nginx?
Re: Client IP for websockets behind a nginx proxy
It's not a "bug" per se in SFS2 and nginx is working as expected in proxy mode. Services running behind a proxy are very common and most backend server stacks have an option to retrieve the real IP of the client or are using the X-Forwarded-For header to set it accordingly. Is that possible with SFS2?
Re: Client IP for websockets behind a nginx proxy
No, at least not as of SFS2X 2.12 which implements websockets via Netty 3.x.
We're planning to replace the implementation via Jetty 9.x in the near future, and we'll investigate if this is possible, which I think it is (according to their docs).
Thanks
We're planning to replace the implementation via Jetty 9.x in the near future, and we'll investigate if this is possible, which I think it is (according to their docs).
Thanks
Re: Client IP for websockets behind a nginx proxy
Hi Lapo,
Is there any way I can get specific headers from a connection?
Is there any way I can get specific headers from a connection?
Re: Client IP for websockets behind a nginx proxy
Hello,
could you expand on your request and explain what you're trying to achieve exactly?
The websocket protocol doesn't support custom headers, unless maybe for the initial "UPGRADE" request. I'd like to better understand what is the use case.
thanks
could you expand on your request and explain what you're trying to achieve exactly?
The websocket protocol doesn't support custom headers, unless maybe for the initial "UPGRADE" request. I'd like to better understand what is the use case.
thanks
Re: Client IP for websockets behind a nginx proxy
Hi,
My problem is I have my game on iOS, Android and Web. I don't enable WSS on my Smartfox server, it's all okay till I need to deploy web version under secure domain, so I have to establish a proxy, on which I secure connect to specific port then proxy will pass the request to Smartfox server. But as the topic, I cannot capture real ip from users which is mandatory for analytics. I've already enable X-Forward-for Configuration on jetty. Now how can I get X-Forward-For header Jetty captured?
My problem is I have my game on iOS, Android and Web. I don't enable WSS on my Smartfox server, it's all okay till I need to deploy web version under secure domain, so I have to establish a proxy, on which I secure connect to specific port then proxy will pass the request to Smartfox server. But as the topic, I cannot capture real ip from users which is mandatory for analytics. I've already enable X-Forward-for Configuration on jetty. Now how can I get X-Forward-For header Jetty captured?
Re: Client IP for websockets behind a nginx proxy
Hi,
Why is this?
I mean, why do you need a proxy for secure domain instead of just running WSS and avoid the problem entirely?
Thanks
trungnt85 wrote:Hi,
My problem is I have my game on iOS, Android and Web. I don't enable WSS on my Smartfox server, it's all okay till I need to deploy web version under secure domain, so I have to establish a proxy
Why is this?
I mean, why do you need a proxy for secure domain instead of just running WSS and avoid the problem entirely?
Thanks
Re: Client IP for websockets behind a nginx proxy
Back to your question:
It's not possible to do what you're asking. We don't support it, I am afraid.
I've already enable X-Forward-for Configuration on jetty. Now how can I get X-Forward-For header Jetty captured?
It's not possible to do what you're asking. We don't support it, I am afraid.
Re: Client IP for websockets behind a nginx proxy
Thanks Lapo,
For some reason I cannot upgrade client library to support secure socket yet, might have to leave it to next phase.
For some reason I cannot upgrade client library to support secure socket yet, might have to leave it to next phase.
Who is online
Users browsing this forum: No registered users and 76 guests