Ilya
May 9, 2023, 12:24pm
1
Hello!
I use rest-server behind reverse proxy [haproxy] for SSL termination and filter unwanted traffic.
As I see, rest-server logs “127.0.0.1” as client IP - it receives requests from local haproxy.
I configured haproxy to send X-Forwarded-For header to the rest-server.
But, it seems, rest-server ignores X-Forwarded-For header.
Could you help me, should it work or it’s a Feature Request?
Sincerely,
Ilya
1 Like
I have the same problem and I tracked it to rest-server off loading the logging to “gorilla/handlers”
This is solved in “gorilla/handler” by adding the “proxy_header” middleware BEFORE the logging middleware in order to rewrite the request.
If you are happy to build the code, you can see if the following patch helps.
(disclaimer - it works for me)
diff --git mux.go mux.go
index 77fcdb4..294708e 100644
--- mux.go
+++ mux.go
@@ -21,6 +21,10 @@ func (s *Server) debugHandler(next http.Handler) http.Handler {
})
}
+func (s *Server) proxyHandler(next http.Handler) http.Handler {
+ return handlers.ProxyHeaders(next)
+}
+
func (s *Server) logHandler(next http.Handler) http.Handler {
var accessLog io.Writer
@@ -104,6 +108,9 @@ func NewHandler(server *Server) (http.Handler, error) {
if server.Debug {
handler = server.debugHandler(handler)
}
+
+ handler = server.proxyHandler(handler)
+
if server.Log != "" {
handler = server.logHandler(handler)
}
Just for fun, I’ve added a feature request saying this
opened 07:02AM - 11 May 23 UTC
Hi,
By default, the logging in rest-server will always log the IP address of… the connection, which in many cases will be the nearest proxy.
Adding support for the `X-Forwarded-For` headers will allow the logging to display the correct external IP.
Currently 'gorilla/handlers' is used for logging. 'gorilla/handlers' fully supports decoding the `X-Forwarded-For` headers if
you add the `proxyHeaders` middleware before the logging middleware.
I'm currently using the following patch (against master) to implemented the additional middleware:
```diff
diff --git mux.go mux.go
index 77fcdb4..294708e 100644
--- mux.go
+++ mux.go
@@ -21,6 +21,10 @@ func (s *Server) debugHandler(next http.Handler) http.Handler {
})
}
+func (s *Server) proxyHandler(next http.Handler) http.Handler {
+ return handlers.ProxyHeaders(next)
+}
+
func (s *Server) logHandler(next http.Handler) http.Handler {
var accessLog io.Writer
@@ -104,6 +108,9 @@ func NewHandler(server *Server) (http.Handler, error) {
if server.Debug {
handler = server.debugHandler(handler)
}
+
+ handler = server.proxyHandler(handler)
+
if server.Log != "" {
handler = server.logHandler(handler)
}
```
As a result, my logs now show the correct external IP, instead of the IP address of my proxy.
Any thoughts?
1 Like
Ilya
May 11, 2023, 6:49am
3
Thanks!
It’ll be better to move this issue to https://github.com/restic/rest-server repo instead of restic client.
damn your eyes!
New feature request in the right place this time.
opened 07:02AM - 11 May 23 UTC
Hi,
By default, the logging in rest-server will always log the IP address of… the connection, which in many cases will be the nearest proxy.
Adding support for the `X-Forwarded-For` headers will allow the logging to display the correct external IP.
Currently 'gorilla/handlers' is used for logging. 'gorilla/handlers' fully supports decoding the `X-Forwarded-For` headers if
you add the `proxyHeaders` middleware before the logging middleware.
I'm currently using the following patch (against master) to implemented the additional middleware:
```diff
diff --git mux.go mux.go
index 77fcdb4..294708e 100644
--- mux.go
+++ mux.go
@@ -21,6 +21,10 @@ func (s *Server) debugHandler(next http.Handler) http.Handler {
})
}
+func (s *Server) proxyHandler(next http.Handler) http.Handler {
+ return handlers.ProxyHeaders(next)
+}
+
func (s *Server) logHandler(next http.Handler) http.Handler {
var accessLog io.Writer
@@ -104,6 +108,9 @@ func NewHandler(server *Server) (http.Handler, error) {
if server.Debug {
handler = server.debugHandler(handler)
}
+
+ handler = server.proxyHandler(handler)
+
if server.Log != "" {
handler = server.logHandler(handler)
}
```
As a result, my logs now show the correct external IP, instead of the IP address of my proxy.
Any thoughts?