The setup in question looks like this: my web app, implemented using fastapi and deployed using gunicorn and the uvicorn worker class, is behind an nginx proxy on the same host with IP address 172.31.x.x (and behind other remote appliances like VPN concentrator, etc.).

nginx is configured like:

    location / {
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;
        set_real_ip_from 172.31.x.x/32; # well-known vpn concentrator
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        proxy_pass http://172.31.x.x:5045;
    }

gunicorn is configured like:

    OPTIONS="--bind 127.0.0.1:5045 --bind 172.31.x.x:5045 --forwarded-allow-ips=127.0.0.1,172.31.x.x --workers 1 --worker-class uvicorn.workers.UvicornWorker --log-config config/logging.conf"

In fastapi, using the starlette.requests.Request object (named request), request.client.host prints the interface IP address of the server that hosts the web app (that is 172.31.x.x).

request.headers["x-real-ip"] and request.headers["x-forwarded-for"] both print the IP address of the appliance before my proxy, which is a well-known firewall appliance in my company.

What I would like to ask is:

- Is it possible to print the whole X-Forwarded-For HTTP header to see the intermediary proxying services?
- How to retrieve the real client IP address of my end user (essentially overriding the well-known whitelisting IP address)?
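
Both questions come down to reading the X-Forwarded-For chain and deciding which hops to trust. The following is an added example, not part of the original post: it splits the header into hops and walks them right to left, returning the first address that is not one of your own proxies. The function names and the documentation-range addresses are assumptions constructed for illustration.

```python
import ipaddress


def parse_xff(header_value):
    """Split one X-Forwarded-For value into hops, origin (left) to nearest (right)."""
    return [hop.strip() for hop in header_value.split(",") if hop.strip()]


def client_ip(header_values, peer, trusted):
    """Return the rightmost hop that is not a trusted proxy, or None.

    header_values: every X-Forwarded-For header line received; in Starlette,
                   request.headers.getlist("x-forwarded-for")
    peer:          direct TCP peer (request.client.host)
    trusted:       networks of proxies you operate (assumed values below)
    """
    nets = [ipaddress.ip_network(n) for n in trusted]
    chain = []
    for value in header_values:
        chain.extend(parse_xff(value))
    chain.append(peer)  # the peer address is the only hop not taken from a header

    # Anything left of the first untrusted hop was supplied by that hop
    # and can be forged, so stop there.
    for hop in reversed(chain):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed hop ("unknown", host:port, junk): fail closed
        if not any(addr in net for net in nets):
            return str(addr)
    return None  # every hop was one of our own proxies


# Constructed sample: firewall and VPN concentrator live in 198.51.100.0/24.
TRUSTED = ["127.0.0.0/8", "198.51.100.0/24"]

if __name__ == "__main__":
    header = "10.1.1.1, 203.0.113.7, 198.51.100.10"  # leftmost hop is client-supplied
    print("chain :", parse_xff(header))
    print("client:", client_ip([header], "198.51.100.20", TRUSTED))
```

If the appliance in front of nginx replaces X-Forwarded-For instead of appending to it, the original address never reaches the application and no parsing on the server side can recover it.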