As it stands, when proxying with nginx, REMOTE_ADDR will always be 127.0.0.1 . While it is possible to set and use X_REAL_IP or the like, existing software that depends on REMOTE_ADDR will have problems.The solution proposed was inspired by php-fpm handling, where REMOTE_ADDR and REMOTE_PORT are set. However in an nginx proxy environment HTTP_ is prepended to the $_SERVER variable. |
ping @marcj lgtm- what do you think? |
My question remains open |
What question is that? |
While waiting for marc's question I'm wondering if we shouldn't rather set the x-forwarded-* headers instead of faking REMOTE_ADDR . This should be in line with https://symfony.com/doc/current/deployment/proxies.html.If doing so we should however only relay x-forwarded-* headers to the client if they are coming from a trusted proxy, i.e. we'd need another config option for that plus use something like Symfony Router/Matcher for checking proxy validity.Am I making sense here? |
I completely understand what you mean. We did it this way to keep applications already using REMOTE_ADDR from FPM and nginx working. It is a fairly common use case to pass this info into REMOTE_ADDR from niginx, one that FPM allows. Also with X-FORWARDED-* you have to be careful to append and not overwrite. |
d1dd43f
into php-pm:master