invis.net

Nginx gateway host: wrong IP logged in /var/log/messages

Hello.
I am using a setup with Wordpress on nginx. Because the system also hosts Nextcloud, I have a setup with a gateway-host (listening on port 443) and a virtual host for Wordpress.
The gateway addresses the Wordpress host as 127.0.0.1:81.
If there is an invalid login, instead of logging the IP listed as X-Forwarded-For I see the localhost in the message-log.
I have set the WP_FAIL2BAN_PROXIES to either 127.0.0.1 or to the actual local IP 192.168…
Neither of the settings made WP-fail2ban log under the “forwarded-for” IP address.
Any idea what I might have gotten wrong?

Kind regards,
Martin

Have you checked X-Forwarded-For is actually being set? I’m not an expert on nginx but I know from previous support threads that it doesn’t set it by default; a quick search suggests you need something like:

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Hello. Thank you for the feedback.
Yes, that value is set. This is what I tried to say by "instead of logging the IP listed as X-Forwarded-For…".
I have set exactly the line mentioned by you. It is in my nginx host definition / proxy forward.

Regards,
Martin

Ah, OK. In that case it must be WP_FAIL2BAN_PROXIES. In theory you just set that to the IP being listed in the log as that’s the value of $_SERVER['REMOTE_ADDR'].

Probably the simplest thing is to temporarily drop a debug script into the root WordPress directory:

<?php phpinfo();

The "PHP Variables" section should give you all the information you need, including whether X-Forwarded-For really is being passed to WordPress.
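
Added example, not part of the thread and not WP fail2ban's own code: a generic sketch of the trusted-proxy rule that a setting like WP_FAIL2BAN_PROXIES expresses, where X-Forwarded-For is believed only when `$_SERVER['REMOTE_ADDR']` is a listed proxy. The function names, the `$trusted` list and every sample address are assumptions constructed for illustration; run it with the PHP CLI.

```php
<?php
// Added example: generic trusted-proxy handling, not WP fail2ban's own code.
// All addresses are constructed sample values.

/** True if $ip equals an entry of $trusted or lies inside an IPv4 CIDR entry. */
function is_trusted(string $ip, array $trusted): bool
{
    foreach ($trusted as $entry) {
        if ($ip === $entry) return true;
        [$net, $bits] = array_pad(explode('/', $entry, 2), 2, '32');
        $a = ip2long($ip);
        $b = ip2long($net);
        $bits = (int) $bits;
        if ($a === false || $b === false || $bits < 1 || $bits > 32) {
            continue; // IPv6 or malformed entry: exact match only
        }
        $mask = (~0 << (32 - $bits)) & 0xFFFFFFFF;
        if (($a & $mask) === ($b & $mask)) return true;
    }
    return false;
}

/** Use X-Forwarded-For only when the connecting peer is a trusted proxy. */
function resolve_client_ip(array $server, array $trusted): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !is_trusted($peer, $trusted)) {
        return $peer; // header missing, or sent by a host we do not trust
    }
    // Right to left: the first hop that is not one of our proxies is the client.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) return $peer;
        if (!is_trusted($hop, $trusted)) return $hop;
    }
    return $peer;
}

$trusted = ['127.0.0.1']; // assumed list, matching the gateway in this thread
$samples = [
    'via gateway'     => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    'header missing'  => ['REMOTE_ADDR' => '127.0.0.1'],
    'direct, spoofed' => ['REMOTE_ADDR' => '198.51.100.9', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1'],
    'client prefix'   => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 203.0.113.7'],
];
foreach ($samples as $label => $server) {
    printf("%-16s -> %s\n", $label, resolve_client_ip($server, $trusted));
}
```

The "header missing" case reproduces the symptom in this thread: with no forwarded header reaching PHP, the proxy's own address is all there is to log. The "client prefix" case reflects that nginx's `$proxy_add_x_forwarded_for` appends the connecting address to whatever the client sent, which is why the list is read from the right.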