HAproxy and client IP

Subforum for general discussions. Do not dump your questions/problems here, but try to find the subforum where it belongs!

Moderators: leecollings, remb0

Post Reply
User avatar
Varazir
Posts: 360
Joined: Friday 20 February 2015 22:23
Target OS: Raspberry Pi / ODroid
Domoticz version: Beta
Contact:

HAproxy and client IP

Post by Varazir »

Hello,

I have HA proxy in front of Domoticz for SSL offloading.
I can't get Domoticz see the client IP.

I did a tcpdump and checked the output in wireshark.

I can see this.
Image
Raspberry PI 2 with RaZberry Controller 2016 ZWave+ and CC2531(zigbee)
Several IKEA devices/z-wave devices
User avatar
gizmocuz
Posts: 2350
Joined: Thursday 11 July 2013 18:59
Target OS: Raspberry Pi / ODroid
Domoticz version: beta
Location: Top of the world
Contact:

Re: HAproxy and client IP

Post by gizmocuz »

Did you add your HAproxy IP Address in the "Trusted Networks" under Settings?
Quality outlives Quantity!
User avatar
Varazir
Posts: 360
Joined: Friday 20 February 2015 22:23
Target OS: Raspberry Pi / ODroid
Domoticz version: Beta
Contact:

Re: HAproxy and client IP

Post by Varazir »

gizmocuz wrote: Monday 08 July 2024 8:50 Did you add your HAproxy IP Address in the "Trusted Networks" under Settings?
No, I don't want that at the moment. As even if you access domoticz external you will get the HAproxy IP
Raspberry PI 2 with RaZberry Controller 2016 ZWave+ and CC2531(zigbee)
Several IKEA devices/z-wave devices
viralkuinfo7
Posts: 1
Joined: Friday 19 July 2024 13:29
Target OS: OS X
Domoticz version:
Contact:

Re: HAproxy and client IP

Post by viralkuinfo7 »

thanks very much
User avatar
Varazir
Posts: 360
Joined: Friday 20 February 2015 22:23
Target OS: Raspberry Pi / ODroid
Domoticz version: Beta
Contact:

Re: HAproxy and client IP

Post by Varazir »

Anyone that can help out here ?
Raspberry PI 2 with RaZberry Controller 2016 ZWave+ and CC2531(zigbee)
Several IKEA devices/z-wave devices
User avatar
kiddigital
Posts: 435
Joined: Thursday 10 August 2017 6:52
Target OS: Raspberry Pi / ODroid
Domoticz version: Beta
Location: Netherlands
Contact:

Re: HAproxy and client IP

Post by kiddigital »

Varazir wrote:
gizmocuz wrote: Monday 08 July 2024 8:50 Did you add your HAproxy IP Address in the "Trusted Networks" under Settings?
No, I don't want that at the moment. As even if you access domoticz external you will get the HAproxy IP
I think you want that Image
Domoticz needs to know if it can trust Proxy headers it receives. Otherwise anyone can pretend to be a proxy.
So when you add the Proxy IP address to the trusted network, domoticz will process the proxy headers. And with the proper proxy headers it will also see the real client IP and act accordingly.
One RPi with Domoticz, RFX433e, aeon labs z-wave plus stick GEN5, ha-bridge 5.4.0 for Alexa, Philips Hue Bridge, Pimoroni Automation Hat
One RPi with Pi foundation standard touch screen to display Dashticz
User avatar
Varazir
Posts: 360
Joined: Friday 20 February 2015 22:23
Target OS: Raspberry Pi / ODroid
Domoticz version: Beta
Contact:

Re: HAproxy and client IP

Post by Varazir »

kiddigital wrote: Thursday 15 August 2024 22:07
Varazir wrote:
gizmocuz wrote: Monday 08 July 2024 8:50 Did you add your HAproxy IP Address in the "Trusted Networks" under Settings?
No, I don't want that at the moment. As even if you access domoticz external you will get the HAproxy IP
I think you want that Image
Domoticz needs to know if it can trust Proxy headers it receives. Otherwise anyone can pretend to be a proxy.
So when you add the Proxy IP address to the trusted network, domoticz will process the proxy headers. And with the proper proxy headers it will also see the real client IP and act accordingly.
You are talking about "Trusted Networks (no username/password):" I don't wan't to set my proxy adress then everyone just bypass logon...
Raspberry PI 2 with RaZberry Controller 2016 ZWave+ and CC2531(zigbee)
Several IKEA devices/z-wave devices
janpep
Posts: 212
Joined: Thursday 14 March 2024 10:11
Target OS: Linux
Domoticz version: 2024.7
Location: Netherlands
Contact:

Re: HAproxy and client IP

Post by janpep »

Varazir wrote: Thursday 15 August 2024 22:10 You are talking about "Trusted Networks (no username/password):" I don't wan't to set my proxy adress then everyone just bypass logon...
Did you test that or do you think that?
Domoticz is connected by the ip adress of the proxy, but it should see the remote addres (that is forwarded by the proxy if headers are set right), so that should not be the case.
Domoticz in Ubuntu virtual machine on Synology DS718+ behind FRITZ!Box.
Using: EvoHome; MELCloud; P1 meter; Z-Stick GEN5; Z-Wave-js-ui; MQTT; Greenwave powernodes 1+6; Fibaro switch, plugs, smoke; FRITZ!DECT 200. Scripts listed in profile interests.
User avatar
kiddigital
Posts: 435
Joined: Thursday 10 August 2017 6:52
Target OS: Raspberry Pi / ODroid
Domoticz version: Beta
Location: Netherlands
Contact:

Re: HAproxy and client IP

Post by kiddigital »

Varazir wrote:
kiddigital wrote: Thursday 15 August 2024 22:07
Varazir wrote: No, I don't want that at the moment. As even if you access domoticz external you will get the HAproxy IP
I think you want that Image
Domoticz needs to know if it can trust Proxy headers it receives. Otherwise anyone can pretend to be a proxy.
So when you add the Proxy IP address to the trusted network, domoticz will process the proxy headers. And with the proper proxy headers it will also see the real client IP and act accordingly.
You are talking about "Trusted Networks (no username/password):" I don't wan't to set my proxy adress then everyone just bypass logon...
When you add the Proxy IP to the Trusted list, it does NOT mean everyone will bypass the login. Give it a try and test it (I assume you are using a recent version of Domoticz).
The users that want to access domoticz through your Proxy will be checked against their real IP address and NOT the Proxy IP.
Try and test!
One RPi with Domoticz, RFX433e, aeon labs z-wave plus stick GEN5, ha-bridge 5.4.0 for Alexa, Philips Hue Bridge, Pimoroni Automation Hat
One RPi with Pi foundation standard touch screen to display Dashticz
Post Reply

Who is online

Users browsing this forum: Google [Bot] and 1 guest