Question

Client IP on App Platform

Posted October 19, 2021 155 views
ApacheDigitalOcean Managed Load BalancersDigitalOcean App Platform

Hi,

Firstly thanks for all the great community resources here 👍

I’ve been testing out the App Platform with a Docker container that hosts an Apache server. I was wondering what would be the correct way to configure it such that it reports the correct client IP as opposed to the load balancer IPs (I’m assuming that’s the IP I’m seeing)?

I read through this related question which was really useful.

From a quick test, I can see the X-Forwarded-For and DO-Connecting-IP are populated in the headers and contain the client IP.

Setting RemoteIPHeader X-Forwarded-For on it’s own doesn’t do the trick sadly. Reading further through the docs of mode_remoteip it seems in order for this work a list of trusted proxy IP addresses is needed.

e.g. RemoteIPTrustedProxy 141.101.64.0/18

Is there a stable set hostnames or IP ranges that can be used? Is there perhaps a more correct way of achieving this on App Platform?

Thanks!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Hey there!

The DO_Connecting-IP header should actually contain the connecting IP address of the client. This header would be used to obtain that information.

DO_Connecting-IP

Hope it helps!
Nate

  • Thanks!

    I got it working in the end without needing to specify the list of trusted sources 🤔I must have made a mistake in my earlier trials.

    For anyone else running into this specifically with Apache, here’s what worked for me:

    • Setup mod_remoteip via a2enmod remoteip
    • Add RemoteIPHeader X-Forwarded-For or RemoteIPHeader DO-Connecting-IP to the configuration (both seem to do the trick).