X-Forwarded-For on python applications backend

[ananiasfilho]

Describe the bug
Why is not possible use these parameters to get real client ip on Odoo, werkzeug, django apps?

proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;

Nginx Proxy Manager Version
v2.9.4

To Reproduce
Steps to reproduce the behavior:

1. install odoo, django or any app running with werkzeug python app server.
2. Point a virtual host to this server
3. check logs and you will not see client ip, but will see "Host" ip.

Expected behavior
See client real ip.

Operating System
Ubuntu 20.04

Additional context
When i change content of my virtualhost "location /"

from

add_header X-Served-By $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass $forward_scheme://$server:$port;

to

proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;

i can see my client real ip.

Host IP: 10.10.6.107
My client real ip: 200.160.89.149

Example:
Default configuration:
2021-07-01 00:17:20,020 131 INFO odoo odoo.modules.registry: Invalidating all model caches after database signaling.
2021-07-01 00:17:39,629 119 INFO odoo odoo.modules.registry: Invalidating all model caches after database signaling.
2021-07-01 00:17:39,916 119 INFO odoo werkzeug: 10.10.6.107 - - [01/Jul/2021 00:17:39] "POST /web/dataset/call_kw/mail.channel/init_odoobot HTTP/1.1" 200 - 158 0.107 0.183
2021-07-01 00:18:10,301 126 INFO odoo odoo.modules.registry: Invalidating all model caches after database signaling.
2021-07-01 00:18:10,359 126 INFO odoo werkzeug: 10.10.6.107 - - [01/Jul/2021 00:18:10] "POST /web/dataset/call_kw/mail.channel/channel_join_and_get_info HTTP/1.1" 200 - 45 0.025 0.036

Custom configuration:
2021-07-01 00:12:52,324 127 INFO odoo werkzeug: 200.160.89.149 - - [01/Jul/2021 00:12:52] "POST /web/dataset/call_kw/mail.message/load_views HTTP/1.1" 200 - 32 0.020 0.029
2021-07-01 00:12:52,464 127 INFO odoo werkzeug: 200.160.89.149 - - [01/Jul/2021 00:12:52] "POST /web/dataset/call_kw/ir.filters/get_filters HTTP/1.1" 200 - 11 0.006 0.007
2021-07-01 00:12:52,470 126 INFO odoo werkzeug: 200.160.89.149 - - [01/Jul/2021 00:12:52] "GET /web/image?model=res.users&field=image_small&id=2 HTTP/1.1" 304 - 14 0.005 0.011
2021-07-01 00:12:52,543 126 INFO odoo werkzeug: 200.160.89.149 - - [01/Jul/2021 00:12:52] "POST /web/dataset/call_kw/mail.message/message_fetch HTTP/1.1" 200 - 9 0.005 0.007

[PlasmatikSteak]

I seem to have a similarly problem running NPM in Docker Desktop on Windows 10.

When I set up an access list in npm I can see in the error log for any hosts with that list, that the client ip is the gateway of the docker container, and because I can't whitelist the gateway everything is blocked.
If i whitelist the gateway everything is acceptet :(

[eastoncrafter]

We're you able to fix this? I have docker desktop too, along with a chevereto instance after it, and it's dashboard gave me the computer that was hosting npms local ip...

[chaptergy]

Please see #1105 (comment). If you use cloudflare, this could also change the IP received by nginx.