Hello,
I have HA proxy in front of Domoticz for SSL offloading.
I can't get Domoticz see the client IP.
I did a tcpdump and checked the output in wireshark.
I can see this.
HAproxy and client IP
Moderators: leecollings, remb0
- Varazir
- Posts: 360
- Joined: Friday 20 February 2015 22:23
- Target OS: Raspberry Pi / ODroid
- Domoticz version: Beta
- Contact:
HAproxy and client IP
Raspberry PI 2 with RaZberry Controller 2016 ZWave+ and CC2531(zigbee)
Several IKEA devices/z-wave devices
Several IKEA devices/z-wave devices
- gizmocuz
- Posts: 2350
- Joined: Thursday 11 July 2013 18:59
- Target OS: Raspberry Pi / ODroid
- Domoticz version: beta
- Location: Top of the world
- Contact:
Re: HAproxy and client IP
Did you add your HAproxy IP Address in the "Trusted Networks" under Settings?
Quality outlives Quantity!
- Varazir
- Posts: 360
- Joined: Friday 20 February 2015 22:23
- Target OS: Raspberry Pi / ODroid
- Domoticz version: Beta
- Contact:
Re: HAproxy and client IP
No, I don't want that at the moment. As even if you access domoticz external you will get the HAproxy IP
Raspberry PI 2 with RaZberry Controller 2016 ZWave+ and CC2531(zigbee)
Several IKEA devices/z-wave devices
Several IKEA devices/z-wave devices
-
- Posts: 1
- Joined: Friday 19 July 2024 13:29
- Target OS: OS X
- Domoticz version:
- Contact:
Re: HAproxy and client IP
thanks very much
- Varazir
- Posts: 360
- Joined: Friday 20 February 2015 22:23
- Target OS: Raspberry Pi / ODroid
- Domoticz version: Beta
- Contact:
Re: HAproxy and client IP
Anyone that can help out here ?
Raspberry PI 2 with RaZberry Controller 2016 ZWave+ and CC2531(zigbee)
Several IKEA devices/z-wave devices
Several IKEA devices/z-wave devices
- kiddigital
- Posts: 435
- Joined: Thursday 10 August 2017 6:52
- Target OS: Raspberry Pi / ODroid
- Domoticz version: Beta
- Location: Netherlands
- Contact:
Re: HAproxy and client IP
I think you want that
Domoticz needs to know if it can trust Proxy headers it receives. Otherwise anyone can pretend to be a proxy.
So when you add the Proxy IP address to the trusted network, domoticz will process the proxy headers. And with the proper proxy headers it will also see the real client IP and act accordingly.
One RPi with Domoticz, RFX433e, aeon labs z-wave plus stick GEN5, ha-bridge 5.4.0 for Alexa, Philips Hue Bridge, Pimoroni Automation Hat
One RPi with Pi foundation standard touch screen to display Dashticz
One RPi with Pi foundation standard touch screen to display Dashticz
- Varazir
- Posts: 360
- Joined: Friday 20 February 2015 22:23
- Target OS: Raspberry Pi / ODroid
- Domoticz version: Beta
- Contact:
Re: HAproxy and client IP
You are talking about "Trusted Networks (no username/password):" I don't wan't to set my proxy adress then everyone just bypass logon...kiddigital wrote: ↑Thursday 15 August 2024 22:07I think you want that
Domoticz needs to know if it can trust Proxy headers it receives. Otherwise anyone can pretend to be a proxy.
So when you add the Proxy IP address to the trusted network, domoticz will process the proxy headers. And with the proper proxy headers it will also see the real client IP and act accordingly.
Raspberry PI 2 with RaZberry Controller 2016 ZWave+ and CC2531(zigbee)
Several IKEA devices/z-wave devices
Several IKEA devices/z-wave devices
-
- Posts: 212
- Joined: Thursday 14 March 2024 10:11
- Target OS: Linux
- Domoticz version: 2024.7
- Location: Netherlands
- Contact:
Re: HAproxy and client IP
Did you test that or do you think that?
Domoticz is connected by the ip adress of the proxy, but it should see the remote addres (that is forwarded by the proxy if headers are set right), so that should not be the case.
Domoticz in Ubuntu virtual machine on Synology DS718+ behind FRITZ!Box.
Using: EvoHome; MELCloud; P1 meter; Z-Stick GEN5; Z-Wave-js-ui; MQTT; Greenwave powernodes 1+6; Fibaro switch, plugs, smoke; FRITZ!DECT 200. Scripts listed in profile interests.
Using: EvoHome; MELCloud; P1 meter; Z-Stick GEN5; Z-Wave-js-ui; MQTT; Greenwave powernodes 1+6; Fibaro switch, plugs, smoke; FRITZ!DECT 200. Scripts listed in profile interests.
- kiddigital
- Posts: 435
- Joined: Thursday 10 August 2017 6:52
- Target OS: Raspberry Pi / ODroid
- Domoticz version: Beta
- Location: Netherlands
- Contact:
Re: HAproxy and client IP
When you add the Proxy IP to the Trusted list, it does NOT mean everyone will bypass the login. Give it a try and test it (I assume you are using a recent version of Domoticz).Varazir wrote:You are talking about "Trusted Networks (no username/password):" I don't wan't to set my proxy adress then everyone just bypass logon...kiddigital wrote: ↑Thursday 15 August 2024 22:07I think you want thatVarazir wrote: No, I don't want that at the moment. As even if you access domoticz external you will get the HAproxy IP
Domoticz needs to know if it can trust Proxy headers it receives. Otherwise anyone can pretend to be a proxy.
So when you add the Proxy IP address to the trusted network, domoticz will process the proxy headers. And with the proper proxy headers it will also see the real client IP and act accordingly.
The users that want to access domoticz through your Proxy will be checked against their real IP address and NOT the Proxy IP.
Try and test!
One RPi with Domoticz, RFX433e, aeon labs z-wave plus stick GEN5, ha-bridge 5.4.0 for Alexa, Philips Hue Bridge, Pimoroni Automation Hat
One RPi with Pi foundation standard touch screen to display Dashticz
One RPi with Pi foundation standard touch screen to display Dashticz
Who is online
Users browsing this forum: Google [Bot] and 1 guest