Welcome! Log In Create A New Profile

Advanced

Correctly handling X-Forwarded-For: in the case of multiple proxies

Posted by tempa 
Forum List Message List New Topic
tempa
Correctly handling X-Forwarded-For: in the case of multiple proxies
May 13, 2019 11:52PM
Plex Server Version#: 1.15.5.994
Player Version#:
Custom server access URLs: [https://plex.mydomain.com:443,(http://192.168.x.x:32400/)

All services are in docker containers.
SSLH on 192.168.70.239
Openvpn-as on 192.168.70.238
Nginx on 192.168.70.242
Plex on 192.168.70.244

Plex is unable to distinguish between local and remote traffic.
My setup is SSHL forwards ssh traffic to Openvpn-as which then uses portshare to forward the ssh traffic to Nginx.

Plex shows the remote users as 192.168.70.242, which shows in the local lan graphs. I want Nginx to get the real ip from SSLH.

my nginx config is:

# PLEX #


ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

#Upstream to Plex
upstream plex_backend {
server 192.168.70.244;
keepalive 32;
}

server {
listen 80;
server_name plex.mydomain.com;
return 301 https://$host$request_uri;
}

server {
#listen 80;
#Enabling http2 can cause some issues with some devices, see #29 - Disable it if you experience issues
listen 8443 ssl http2; #http2 can provide a substantial improvement for streaming: https://blog.cloudflare.com/introducing-http2/
server_name plex.mydomain.com;

resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;

send_timeout 100m;

ssl_session_tickets off;

#Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off. (Haven't encountered any yet)
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";

#Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones.
#Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more
client_max_body_size 100M;

#Forward real ip and host to Plex
set_real_ip_from 192.168.70.239;
set_real_ip_from 192.168.70.238;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
proxy_set_header X-Forwarded-By $server_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $http_host;


#Websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";


#Buffering off send to the client as soon as the data is received from Plex.
proxy_redirect off;
proxy_buffering off;

#Plex
location / {
#Example of using sub_filter to alter what Plex displays, this disables Plex News.
#sub_filter ',news,' ',';
#sub_filter_once on;
#sub_filter_types text/xml;
proxy_pass https://192.168.70.244:32400;
}

}
Reply Quote
Newer Topic Older Topic
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 294
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready