Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for Fly-Client-IP? #30

Closed
Miserlou opened this issue Mar 22, 2022 · 9 comments
Closed

Support for Fly-Client-IP? #30

Miserlou opened this issue Mar 22, 2022 · 9 comments

Comments

@Miserlou
Copy link

This repo doesn't seem to work with Phoenix apps deployed to Fly.io, which is one of the larger Elixir webhosts. They instead provide a [Fly-Client-IP](https://fly.io/docs/reference/runtime-environment/#fly-client-ip) header. Would be cool if this project could support that, if possible.

@Miserlou
Copy link
Author

They do insert the client IP in X-Forwarded-For, but at the front, so it isn't returned by this library because of reasons described here #28

@ajvondrak
Copy link
Owner

Have you tried configuring headers: ["fly-client-ip"]? https://hexdocs.pm/remote_ip/RemoteIp.Options.html

@ivanpetrovic
Copy link

Adding headers: ["fly-client-ip"] works

@ajvondrak
Copy link
Owner

Thanks for confirming, @ivanpetrovic! I'll go ahead and close this issue, then.

@bartblast
Copy link

There's still a problem with socket connections where you need to use x headers.

@ajvondrak
Copy link
Owner

@bartblast What problem, specifically? I've never worked with Phoenix sockets.

RemoteIp.from/2 accepts all the same options as the plug, so in theory you could pass in headers: ["fly-client-ip"] from a Phoenix.Socket. But I guess Phoenix only gives you the headers that begin with "x-": https://github.com/phoenixframework/phoenix/blob/385bdebdcc879dfb06f02faa5bef7d5e0b97761c/lib/phoenix/socket/transport.ex#L528-L532 There's nothing RemoteIp can do about the headers Phoenix makes available; you'd have to bring it up with them.

If the Fly-Client-IP header wouldn't be added to a socket connection by Fly.io anyway, then you'll have to use a different header. Going through X-Forwarded-For, with its comma-separated values, you'll want to understand how the algorithm works and configure things accordingly. For even more depth, there's a brilliant article linked in #29, where we've also been having some discussions about implications for the future of the RemoteIp plug. (As is, the plug uses a single opinionated algorithm for the sake of security, but we're thinking about how to generalize it to allow other strategies.)

@bartblast
Copy link

RemoteIp.from/2 accepts all the same options as the plug, so in theory you could pass in headers: ["fly-client-ip"] from a Phoenix.Socket. But I guess Phoenix only gives you the headers that begin with "x-": https://github.com/phoenixframework/phoenix/blob/385bdebdcc879dfb06f02faa5bef7d5e0b97761c/lib/phoenix/socket/transport.ex#L528-L532 There's nothing RemoteIp can do about the headers Phoenix makes available; you'd have to bring it up with them.

Thanks for the thorough reply! Yes, I meant that x- headers only are passed in the Phoenix socket context.
Actually Fly.io puts the whole forwarded IP chain to the correct header, I managed to solve my problems by using the "proxies" option (the list of known proxies) thanks to which the lib ignores Fly.io proxy and fetches the correct remote IP.

@codeadict
Copy link

@bartblast Where did you find the proxies CIDRS or IPs for fly.io

@bartblast
Copy link

@codeadict You need to use the IP listed in the fly.io admin panel: (your app) > Overview > IP addresses. Or analyze the actual request headers, it should be included there as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants