View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006275 | unreal | ircd | public | 2023-05-19 19:44 | 2023-06-13 20:26 |
| Reporter | adamus1red | Assigned To | syzop | ||
| Priority | normal | Severity | feature | Reproducibility | have not tried |
| Status | resolved | Resolution | fixed | ||
| Product Version | 6.1.0 | ||||
| Fixed in Version | 6.1.1-rc1 | ||||
| Summary | 0006275: Add support for x-forward-for & forwarded headers in webserver module | ||||
| Description | The X-Forwarded-For header field is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy. It is commonly used by CDN and reverse-proxying. This would allow using a normal webserver for proxying websocket connections rather than having to dedicate http/https ports for a single IRCd websocket. | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
k4be added support for the "Forwarded" header in the websocket module in Aug 2021. It's not well documented and I don't think there are many people using it so I can't vouch on how well it works, maybe k4be uses it himself on his net ? It does not implement "X-Forwarded-For" or "Forwarded-for" headers though, so that would be a TODO item. Of course, if the other feature is working then this one should be easy (?) to implement. |
|
|
Oh you say "Forwarded" in your bug title, yeah that should work. You must specify the IP of the proxy in listen::options::websocket::forward. Here is an example (untested, see previous comments): listen {
ip *;
port 8000;
options {
tls;
websocket {
type text;
forward "127.0.0.1"; // IP of the proxy
}
}
tls-options {
certificate "/etc/letsencrypt/live/irc.example.org/fullchain.pem";
key "/etc/letsencrypt/live/irc.example.org/privkey.pem";
options {
no-client-certificate;
}
}
} |
|
|
I've tried using the forward option. It doesn't seem to be working as expected. After attempting to put the websocket behind a forwarding proxy I still get 127.0.0.1 reported as the source IP when a client connects via the websocket. |
|
|
I did a couple of commits in latest git. Feel free to test it out. I verified that it works with the "Forwarded" header and have documented an example NGINX setup (although obviously you don't need to use NGINX). Documentation is at https://www.unrealircd.org/docs/Proxy_block including that example. For more information on using latest git, see https://www.unrealircd.org/docs/FAQ#How_do_I_get_the_latest_source_code.3F |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2023-05-19 19:44 | adamus1red | New Issue | |
| 2023-05-19 19:55 | syzop | Note Added: 0022864 | |
| 2023-05-19 19:55 | syzop | Note Edited: 0022864 | |
| 2023-05-19 19:59 | syzop | Note Added: 0022865 | |
| 2023-05-19 20:00 | syzop | Note Edited: 0022865 | |
| 2023-05-19 23:12 | adamus1red | Note Added: 0022867 | |
| 2023-05-19 23:12 | adamus1red | File Added: image.png | |
| 2023-05-26 14:30 | syzop | Note Added: 0022885 | |
| 2023-05-27 17:32 | syzop | Assigned To | => syzop |
| 2023-05-27 17:32 | syzop | Status | new => feedback |
| 2023-06-13 20:26 | syzop | Status | feedback => resolved |
| 2023-06-13 20:26 | syzop | Resolution | open => fixed |
| 2023-06-13 20:26 | syzop | Fixed in Version | => 6.1.1-rc1 |
