
Currently I have set up Pihole (v5.12.2) on an Ubuntu 20.04 VPS. I have installed Nginx as a reverse proxy for DNS over TLS and it works fine, but in the Pihole logs everything appears as 127.0.0.1 because Nginx is not forwarding the real IP of each client.

This is currently my configuration:

```nginx
upstream dns-servers {
    server 127.0.0.1:53;
}

server {
    listen 853 ssl;
    ssl_certificate /etc/letsencrypt/live/domainname.here/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domainname.here/privkey.pem;

    ssl_protocols        TLSv1.2 TLSv1.3;
    ssl_ciphers          HIGH:!aNULL:!MD5;

    ssl_handshake_timeout    10s;
    ssl_session_cache        shared:SSL:20m;
    ssl_session_timeout      4h;
    proxy_pass dns-servers;
    proxy_responses 1;
    proxy_timeout 1s;
}
```

If I try to add a directive for `proxy_set_header` or `real_ip_header`, I get the message `directive is not allowed here`. I also tried the directive `proxy_bind $remote_addr transparent;` and although it is accepted, it leads to a timeout on every request being made.

What is the proper way to forward the real IP of a client so it is received correctly by Pihole?

kampias

1 Answer


Add `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in the nginx server context and `log_guessed_client_ip = true` in the pi-hole `doh-server.conf`.

Amin Cheloh
  • I have tried to set the `proxy_set_header` but nginx shows the error `directive is not allowed here`. – kampias Oct 05 '22 at 17:40
  • @kampias please update the nginx config in your question with the `proxy_set_header` that shows the error. – Amin Cheloh Oct 05 '22 at 17:52
  • I have already mentioned it in my question, just below the snippet that works at the moment, as I also mention the other two directives I tried. – kampias Oct 06 '22 at 07:12