IP Header Not Match

Hello, my dears.
I have a small problem.
When I log in via Bitwarden Web, I get an email that I have logged in.
The problem is the IP is wrong it always takes: 172.17.0.1
I use docker with an Apache Reverse Proxy …
In the diagnostics there is IP header No Match.

Would be cool if someone could help me.
Thanks!

Either configure Apache to use X-Real-IP or configure Vaultwarden to use X-Forwarded-For.
Also see Proxy examples · dani-garcia/vaultwarden Wiki · GitHub

1 Like

Thanks for the quick help.
It worked for me.
But, it shows wrong public IP addresses.
The server is behind the Cloudflare proxy. Could it be that the IP of Cloudflare is taken instead of that of the user?

With Cloudflare you need to use X-Forwarded-For or CF-Connecting-IP:

https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-

1 Like

Could you help me a little further?
I have now installed the “mod_cloudflare”.
I ran the “sudo a2enmod remoteip” command.
I also made this:

How do i have to edit my reverse proxy configuration now?
With X-Real-IP it looked like this:

<VirtualHost *:80>
ServerName domain.com
Redirect permanent / https://domain.com/
</VirtualHost>
<VirtualHost *:443>
   ServerName domain.com
   SSLEngine On
   ProxyPreserveHost On
   SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
   ProxyPass / http://127.0.0.1:xy/
   ProxyPassReverse / 127.0.0.1:xy/
   ProxyPreserveHost On
   ProxyRequests Off
   RequestHeader set X-Real-IP %{REMOTE_ADDR}s
</VirtualHost>

Without X-Real-IP it looks like this:

<VirtualHost *:80>
ServerName domain.com
Redirect permanent / https://domain.com/
</VirtualHost>
<VirtualHost *:443>
   ServerName domain.com
   SSLEngine On
   ProxyPreserveHost On
   SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
   ProxyPass / http://127.0.0.1:xy/
   ProxyPassReverse / 127.0.0.1:xy/
</VirtualHost>

How do i have to edit this code to use the CF-Connecting-IP ?

You don’t need to do anything in the Apache config. Just go to the admin page and set Client IP header (ip_header config item) to either X-Forwarded-For or CF-Connecting-IP.

See

Done. I tried both one but always header not match and the IP is every time 172.17.0.1…


What am I doing wrong?

And here the other one:


I can’t post two pictures in one post…

This should not happen unless you have trailing whitespace in your config. Ideally we should trim it automatically, but I don’t think that’s done currently.

Cloudflare should always be inserting CF-Connecting-IP automatically, so you may have some module or other configuration in Apache that is stripping that header.

Finaly:


Thanks a lot guys for your help!