rejetto forum
Software => HFS ~ HTTP File Server => Topic started by: R2B2 on December 14, 2020, 05:30:08 PM
-
Hey all. First, I just wanted to say that HFS is pretty flipping great! It is exactly what I was looking for, so thank you for your efforts!
I am only having one slight issue that I can't seem to figure out and was hoping you'd be able to guide me in the right direction?
I set up HFS behind stunnel, and for some reason I cannot get them to pass the originating IP address to the HFS log file. Everything that gets logged is showing the IP address is my internal one (192.168.1.100) and I need it to show the external address from where the request is coming from. I have searched through the forums (both here and stunnel) and have tried pretty much everything I've found - from changing the INI file to "forward-mask=*", etc. and nothing is working. What am I missing? I'm sure it's an easy fix, but I'm coming up empty. :'(
Can someone help me out? I would greatly appreciate it!!
Thanks in advance!
-
there is no solution, stunnel does not allow to transmit external ip addresses except in its linux version
http://www.rejetto.com/wiki/index.php?title=HFS:_Secure_your_server
-
there is no solution, stunnel does not allow to transmit external ip addresses except in its linux version
http://www.rejetto.com/wiki/index.php?title=HFS:_Secure_your_server
Ahh ok. I guess that explains why I can't get it working. I guess I can just use the stunnel logs instead, or maybe set up a reverse proxy from Apache to secure the connection instead.
Thanks for getting back to me!
-
I currently use an nginx reverse proxy and can pass the connecting ip. I tried this with Apache and was never successful.
As a side note, HFS is always going to show the connection coming from the proxy IP address, but in HFS you can turn off logging of that connection and instead record the IP of the GET requests, which is what nginx passes and likely the address your interested in.
An added bonus to using a reverse proxy is it can easily be setup to use free Letsencrypt SSL certs and the HFS server can remain standard HTTP.
Here's what you need nginx to pass in a custom header:
X-REAL-IP - $remote_addr
X-Forwarded-For $remote_addr
Host $host
X-Forwarded-Proto $scheme
-
I currently use an nginx reverse proxy and can pass the connecting ip. I tried this with Apache and was never successful.
As a side note, HFS is always going to show the connection coming from the proxy IP address, but in HFS you can turn off logging of that connection and instead record the IP of the GET requests, which is what nginx passes and likely the address your interested in.
An added bonus to using a reverse proxy is it can easily be setup to use free Letsencrypt SSL certs and the HFS server can remain standard HTTP.
Here's what you need nginx to pass in a custom header:
X-REAL-IP - $remote_addr
X-Forwarded-For $remote_addr
Host $host
X-Forwarded-Proto $scheme
https://rejetto.com/forum/index.php?topic=13059.msg1064448#msg1064448 - to get real IP in logs
-
i'm using nginx too
https://rejetto.com/forum/index.php?topic=13060.msg1066004#msg1066004
-
there is no solution, stunnel does not allow to transmit external ip addresses except in its linux version
http://www.rejetto.com/wiki/index.php?title=HFS:_Secure_your_server
What about a reverse proxy?
I setup a reverse proxy over a cloudflare worker >> dns >> HFS server
I tried passing the cf connecting ip header and the xforwarded for header, the best i could get it to was show the "IP connected" log output.
But when I download the file, it wont show the origin IP but of cf instead.
Am i doing things wrong or is HFS simply not accepting the header?
-
https://rejetto.com/forum/index.php?topic=13059.msg1064448#msg1064448 - to get real IP in logs
Crap, I should have read all the replies before posting mine.