Support for reverse proxies in audit log #2420

New Issue

OVERLORD · 2026-02-05T04:05:31+03:00

OVERLORD commented

2026-02-05 04:05:31 +03:00

Originally created by @Cave-Johnson on GitHub (Oct 10, 2021).

Is there a way to to use X-Forwarded-for headers in the audit log for IP addresses?

My bookstack instance is behind an nginx reverse proxy that handles SSL/TLS, in the audit log it shows up as the proxy IP address rather than the actual clients IP address

Originally created by @Cave-Johnson on GitHub (Oct 10, 2021). Is there a way to to use X-Forwarded-for headers in the audit log for IP addresses? My bookstack instance is behind an nginx reverse proxy that handles SSL/TLS, in the audit log it shows up as the proxy IP address rather than the actual clients IP address

OVERLORD closed this issue

2026-02-05 04:05:40 +03:00

OVERLORD commented

2026-02-05 04:05:44 +03:00

@Cave-Johnson commented on GitHub (Oct 10, 2021):

This is probably similar to https://github.com/BookStackApp/BookStack/issues/2762 however I am seeing this in the audit log

@Cave-Johnson commented on GitHub (Oct 10, 2021): This is probably similar to https://github.com/BookStackApp/BookStack/issues/2762 however I am seeing this in the audit log

OVERLORD commented

2026-02-05 04:05:49 +03:00

@ssddanbrown commented on GitHub (Oct 10, 2021):

Hi @Cave-Johnson,
Can you try setting the APP_PROXIES option and let me know if that works for you?:

ca764caf2d/.env.example.complete (L45-L51)

Will require the X-Forwarded-For to be provided as part of the reverse proxy setup.

@ssddanbrown commented on GitHub (Oct 10, 2021): Hi @Cave-Johnson, Can you try setting the `APP_PROXIES` option and let me know if that works for you?: https://github.com/BookStackApp/BookStack/blob/ca764caf2d55a5c9bac61718d656423b0c3a060b/.env.example.complete#L45-L51 Will require the `X-Forwarded-For` to be provided as part of the reverse proxy setup.

OVERLORD commented

2026-02-05 04:05:54 +03:00

@Cave-Johnson commented on GitHub (Oct 10, 2021):

Apologies, I completely missed that! Set up my instance a while ago so hadn't seen the new env options.

That has solved the issue although I now have a separate odd issue, it now shows up the source IP as a cloudflare IP (my instance is also behind cloudflare).

It looks like cloudflare use a different header, the True-Client-IP Header. https://support.cloudflare.com/hc/en-us/articles/206776727-Understanding-the-True-Client-IP-Header

Is there anything that I can do to get this to show the true origin IP?

@Cave-Johnson commented on GitHub (Oct 10, 2021): Apologies, I completely missed that! Set up my instance a while ago so hadn't seen the new env options. That has solved the issue although I now have a separate odd issue, it now shows up the source IP as a cloudflare IP (my instance is also behind cloudflare). It looks like cloudflare use a different header, the `True-Client-IP Header`. https://support.cloudflare.com/hc/en-us/articles/206776727-Understanding-the-True-Client-IP-Header Is there anything that I can do to get this to show the true origin IP?

OVERLORD commented

2026-02-05 04:05:59 +03:00

@ssddanbrown commented on GitHub (Oct 10, 2021):

@Cave-Johnson I have not tried this but could you map the cloudflare header across to the expected header on the nginx proxy side? Via a rule such as:

proxy_set_header X-Forwarded-For $http_true_client_ip;

@ssddanbrown commented on GitHub (Oct 10, 2021): @Cave-Johnson I have not tried this but could you map the cloudflare header across to the expected header on the nginx proxy side? Via a rule such as: ```nginx proxy_set_header X-Forwarded-For $http_true_client_ip; ```

OVERLORD commented

2026-02-05 04:06:02 +03:00

@Cave-Johnson commented on GitHub (Oct 10, 2021):

Had to use proxy_set_header X-Forwarded-For $http_CF_Connecting_IP; as $http_true_client_ip is for enterprise accounts only.

All working now, thanks for the help!

@Cave-Johnson commented on GitHub (Oct 10, 2021): Had to use `proxy_set_header X-Forwarded-For $http_CF_Connecting_IP;` as `$http_true_client_ip` is for enterprise accounts only. All working now, thanks for the help!

OVERLORD commented

2026-02-05 04:06:06 +03:00

@Sazzels commented on GitHub (Apr 8, 2024):

Info

docker-compose.yml

image: "linuxserver/bookstack:24.02.2"

networks:
  - proxy

proxy network

# NPM proxy network IP
"<ID>": {
    "Name": "proxy",
    "EndpointID": "<ID>",
    "MacAddress": "<MAC>",
    "IPv4Address": "172.25.0.4/16",
    "IPv6Address": ""
},

i know this is a old topic but i could not get this running with Nginx Proxy Manager.

Bookstack and NPM share a network proxy and in NPM i forward to http://bookstack:80.

Logs
172.25.0.4 - - [08/Apr/2024:19:07:49 +0000] "GET / HTTP/1.1" 200 10216 "<reverseProxyFQDN>"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0"

tried:

APP_PROXIES=*

APP_PROXIES=172.25.0.4

APP_PROXIES=<PROXY_IP>

@Cave-Johnson @ssddanbrown should i open a new issue?

@Sazzels commented on GitHub (Apr 8, 2024): ### Info *docker-compose.yml* ``` image: "linuxserver/bookstack:24.02.2" networks: - proxy ``` *proxy network* ``` # NPM proxy network IP "<ID>": { "Name": "proxy", "EndpointID": "<ID>", "MacAddress": "<MAC>", "IPv4Address": "172.25.0.4/16", "IPv6Address": "" }, ``` i know this is a old topic but i could not get this running with Nginx Proxy Manager. Bookstack and NPM share a network `proxy` and in NPM i forward to `http://bookstack:80`. ``` Logs 172.25.0.4 - - [08/Apr/2024:19:07:49 +0000] "GET / HTTP/1.1" 200 10216 "<reverseProxyFQDN>" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0" ``` tried: ``` APP_PROXIES=* ``` ``` APP_PROXIES=172.25.0.4 ``` ``` APP_PROXIES=<PROXY_IP> ``` @Cave-Johnson @ssddanbrown should i open a new issue?

OVERLORD commented

2026-02-05 04:06:11 +03:00

@ssddanbrown commented on GitHub (Apr 9, 2024):

@Sazzels Yes, and in that issue please detail where you're setting those environment variables and any actions performed after setting them before re-testing.

@ssddanbrown commented on GitHub (Apr 9, 2024): @Sazzels Yes, and in that issue please detail where you're setting those environment variables and any actions performed after setting them before re-testing.

OVERLORD commented

2026-02-05 04:06:18 +03:00

@oopen commented on GitHub (Sep 8, 2024):

I use docker compose, with Traefik as reverse proxy.
To display real IP, I use this nginx config inpired from https://djangocas.dev/blog/nginx/nginx-access-log-with-real-x-forwarded-for-ip-instead-of-proxy-ip/#solution-1-get-client-user-real-ip-in-nginx-access_log

File /config/nginx/nginx.conf

[...]
#    access_log /config/log/nginx/access.log;

    log_format combined_realip '$http_x_forwarded_for - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent"';

    access_log /config/log/nginx/access.log combined_realip;
[...]

@oopen commented on GitHub (Sep 8, 2024): I use docker compose, with Traefik as reverse proxy. To display real IP, I use this nginx config inpired from https://djangocas.dev/blog/nginx/nginx-access-log-with-real-x-forwarded-for-ip-instead-of-proxy-ip/#solution-1-get-client-user-real-ip-in-nginx-access_log File `/config/nginx/nginx.conf` ``` [...] # access_log /config/log/nginx/access.log; log_format combined_realip '$http_x_forwarded_for - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; access_log /config/log/nginx/access.log combined_realip; [...] ```

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#2420