IP Header Not Match

Help
1

Hello, my dears.
I have a small problem.
When I log in via Bitwarden Web, I get an email that I have logged in.
The problem is the IP is wrong it always takes: 172.17.0.1
I use docker with an Apache Reverse Proxy …
In the diagnostics there is IP header No Match.

image
image754×201 8.14 KB

Would be cool if someone could help me.
Thanks!

2

Either configure Apache to use X-Real-IP or configure Vaultwarden to use X-Forwarded-For.
Also see Proxy examples · dani-garcia/vaultwarden Wiki · GitHub

1 Like
3

Thanks for the quick help.
It worked for me.
But, it shows wrong public IP addresses.
The server is behind the Cloudflare proxy. Could it be that the IP of Cloudflare is taken instead of that of the user?

4

With Cloudflare you need to use X-Forwarded-For or CF-Connecting-IP:

https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-

2 Likes
5

Could you help me a little further?
I have now installed the “mod_cloudflare”.
I ran the “sudo a2enmod remoteip” command.
I also made this:

image
image795×820 61.7 KB

How do i have to edit my reverse proxy configuration now?
With X-Real-IP it looked like this:

<VirtualHost *:80>
ServerName domain.com
Redirect permanent / https://domain.com/
</VirtualHost>
<VirtualHost *:443>
   ServerName domain.com
   SSLEngine On
   ProxyPreserveHost On
   SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
   ProxyPass / http://127.0.0.1:xy/
   ProxyPassReverse / 127.0.0.1:xy/
   ProxyPreserveHost On
   ProxyRequests Off
   RequestHeader set X-Real-IP %{REMOTE_ADDR}s
</VirtualHost>

Without X-Real-IP it looks like this:

<VirtualHost *:80>
ServerName domain.com
Redirect permanent / https://domain.com/
</VirtualHost>
<VirtualHost *:443>
   ServerName domain.com
   SSLEngine On
   ProxyPreserveHost On
   SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
   ProxyPass / http://127.0.0.1:xy/
   ProxyPassReverse / 127.0.0.1:xy/
</VirtualHost>

How do i have to edit this code to use the CF-Connecting-IP ?

6

You don’t need to do anything in the Apache config. Just go to the admin page and set Client IP header (ip_header config item) to either X-Forwarded-For or CF-Connecting-IP.

See

7

Done. I tried both one but always header not match and the IP is every time 172.17.0.1…

image
image1536×128 15.5 KB

What am I doing wrong?

8

And here the other one:

image
image1520×180 20.2 KB

I can’t post two pictures in one post…

9

This should not happen unless you have trailing whitespace in your config. Ideally we should trim it automatically, but I don’t think that’s done currently.

10

Cloudflare should always be inserting CF-Connecting-IP automatically, so you may have some module or other configuration in Apache that is stripping that header.

11

Finaly:

image
image803×46 2.01 KB

Thanks a lot guys for your help!

12

Thank you! This helped me.

1 Like