1

I have a flask app and nginx running on the same docker bridged network. Nginx acts as a reverse proxy for the app, and the conf is set to:

proxy_set_header            X-Forwarded-For   $proxy_add_x_forwarded_for;
proxy_set_header            X-Forwarded-Host  $http_host;
proxy_set_header            X-Forwarded-Proto $scheme;
proxy_set_header            X-Real-IP         $remote_addr;
proxy_set_header            Host              $http_host;

The flask application is using proxy_fix like so:

app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)

This way, nginx changes the request headers so that request.remote_addr is set to the first address in the X-Forwarded-For header. However flask still logs the ip of nginx!

Here's an example:

app               | 10.199.0.1 # print request.remote_addr inside flask
app               | X-Forwarded-For: 10.199.0.1 # print request.headers inside flask
app               | X-Forwarded-Proto: https
... # more headers
app               | 10.199.0.2 - - [2022-04-13 11:21:22] "GET / HTTP/1.0" 200 146 0.002357 # this is the nginx ip!
nginx             | 10.199.0.1 - - [13/Apr/2022:15:21:22 +0000] "GET / HTTP/1.1" 200  19 "-" "curl/7.61.1" "-"

Not sure what I have to do to change flask so it logs the original ip here. Where did my app even get the nginx address from if it's not in the request headers?

WorkAppropriateUsername
  • 11
  • 1
  • 1
    this might be helpful: https://stackoverflow.com/a/49052873/973254 –  Apr 13 '22 at 16:00
  • My request.access_route is just a single item ImmutableList with the same address as the one I set in X-Forwarded-For. This doesn't change what flask logs (second to last line in example) – WorkAppropriateUsername Apr 13 '22 at 16:06
  • then you might need to configure your `nginx` with `--with-http_realip_module` option to try to use `real_ip` module, this will definitely help –  Apr 13 '22 at 19:48

0 Answers0