Comments (8)
That's aleady how it works :D you see different stuff with different ip addresses
from easy-gate.
Check the new version (just released) and set "behind_proxy": true in order to tell Easy Gate to check for X-Forwarded-For (if disabled it will check remote address).
from easy-gate.
It looks like the trigger function is off the XFF header on the request, which makes sense. You don't always know the requestor IP if you are behind a proxy or a firewall the client IP will look like firewall or proxy, which would gum up the works. Unfortunately I can't see to even get that functionality to work properly... will keep trying :|
from easy-gate.
As already stated in another issue is probably better to wait for the next release, which simplify the configuration. You may already build and run the next release by switching to the develop branch or wait tomorrow (maybe?) for the merge (The release is ready but not yet tested as much as I am confortable to, so might be unstable).
As for the current release try to take a look at the docker-compose.nginx.yml file and the easy-gate.nginx.conf file. The confusing part is that Easy Gate itself has an instance of nginx inside the image (this is the part that has been removed from the next release), so the easy-gate.nginx.conf in that example is used to overwrite easy gate INTERNAL nginx configuration in order to accept and forward XFF.
So in the end you will have Client -> Your Nginx -> Easy Gate Nginx. In this configuration "Your Nginx" should add the XFF header in first place and forward it to Easy Gate Nginx, by supplying the following configuration (to your nginx):
server {
listen 80;
gzip on;
server_tokens off;
client_max_body_size 30M;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://easy-gate:8080;
}
// ADD SERVER NAME HERE IF YOU NEED IT
}
from easy-gate.
Thanks @r7wx! Great project!
from easy-gate.
Closing the issue for now due to new release b5e81c2, feel free to open if you have any questions/issues.
from easy-gate.
to be honest, I didn't understand a lot of these comments but running easy-gate behind traefik as reverse proxy is easy-peasy, here is my docker-compose.yml if anyone is interested. No other configuration to any nginx needed.
I'm trying to help out, if this is just confusing, and you probably know better, feel free to ignore it, I can live with easy-gate as is.
version: '3.9'
# https://github.com/r7wx/easy-gate
# get more icons: https://fontawesome.com/icons
services:
easy-gate:
image: r7wx/easy-gate:latest
container_name: easy-gate
hostname: easy-gate
volumes:
- ./easy-gate.json:/etc/easy-gate/easy-gate.json
restart: "no"
environment:
- TZ=Europe/Berlin
networks:
- traefik
ports:
- 8080:8080
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.gate.tls=true"
- "traefik.http.routers.gate.entrypoints=https"
- "traefik.http.routers.gate.rule=Host(`sub.domain.tld`)"
- "traefik.http.routers.gate.middlewares=secHeaders@file,authentik@docker"
- "traefik.http.routers.gate.service=gate"
- "traefik.http.services.gate.loadbalancer.server.port=8080"
networks:
traefik:
external:
name: traefik
to debug the whole thing behind a reverse proxy I just switched the image line with this one:
image: traefik/whoami
and changed the target port to 80
- "traefik.http.services.gate.loadbalancer.server.port=80"
accessing easy-gate via https://sub.domain.tld I see these headers beeing passed on to easy-gate by traefik (removed unimportant ones and masked my domain):
Hostname: easy-gate
IP: 127.0.0.1
IP: 172.16.5.17
RemoteAddr: 172.16.5.12:52796
GET / HTTP/1.1
Host: sub.domain.tld
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 10.10.10.1
X-Forwarded-Host: sub.domain.tld
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: traefik
X-Real-Ip: 10.10.10.1
compare with accessing easy-gate via local IP:
Hostname: easy-gate
IP: 127.0.0.1
IP: 172.16.5.17
RemoteAddr: 10.10.10.241:51275
GET / HTTP/1.1
Host: 10.10.10.10:8080
so I assume the group part of easy-gate is looking at: RemoteAddr ?
Can it possibly be made to look for the X-Forwarded-For header too?
If behind reverse proxy, RemoteAddr will reflect the reverse proxy's Docker IP.
from easy-gate.
It looks like the trigger function is off the XFF header on the request, which makes sense.
are you sure its doing that?
from easy-gate.
Related Issues (16)
- Dark Mode HOT 3
- Support for yaml and environment variables HOT 5
- [Portainer][Error Code 400] Unable to deploy with Portainer HOT 5
- [Feature Request] Options / Settings HOT 1
- Failure to Launch HOT 5
- Improve logging HOT 1
- Add options to change the String in Services and Notes HOT 4
- [Feature Request] IP Adress related redirecting HOT 2
- Is there a way to embed html in a note? HOT 2
- Group Links HOT 2
- armv7 compatibility HOT 5
- Custom CSS HOT 3
- URL with trailing slash causes troubles HOT 3
- Need help running behind reverse proxy (traefik) HOT 4
- Custom Icons HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from easy-gate.