Panel does not correctly handle X-Forwarded-For #127

Closed
opened 2026-02-04 16:49:14 +03:00 by OVERLORD · 6 comments

Originally created by @ItzExotical on GitHub (Jul 9, 2024).

Current Behavior

The panel does not care about the X-Forwarded-For header provided by Caddy among other web servers, resulting in the panel getting the user's IP wrong (if a service like Cloudflare is used).

Expected Behavior

The panel should get the user's actual IP and store that in logs too.

Steps to Reproduce

Sorry, but I think this one is quite straightforward.

Panel Version

1.0.0-beta6

Wings Version

1.0.0-beta3

Games and/or Eggs Affected

No response

Docker Image

No response

Error Logs

No response

Is there an existing issue for this?

  • I have searched the existing issues before opening this issue.
  • I have provided all relevant details, including the specific game and Docker images I am using if this issue is related to running a server.
  • I have checked in the Discord server and believe this is a bug with the software, and not a configuration issue with my specific system.

@Boy132 commented on GitHub (Jul 9, 2024):

You need to set the `TRUSTED_PROXIES` in your .env file. Then it'll show the real ip.
See https://pelican.dev/docs/panel/config#reverse-proxy-setup


@ItzExotical commented on GitHub (Jul 9, 2024):

Oh well, I totally missed that. What about wings? Still shows proxy IP for server events, such as opening and writing to files.


@Boy132 commented on GitHub (Jul 9, 2024):

Wings also has a config option for that. `api.trusted_proxies`


@Boy132 commented on GitHub (Jul 12, 2024):

I'm going to close this. If you still have problems with it showing the wrong ip you should visit the Discord and open a support thread. But setting the trusted proxies config vars should work.


@ItzExotical commented on GitHub (Jul 12, 2024):

I set `TRUSTED_PROXIES` to `127.0.0.1` in my `.env` and it still showed the Cloudflare IP and not my IP. I even tried setting it to wildcard but same thing there. X-Forwarded-For exists and is properly set to the real connecting IP of the client, but Pelican is not handling it correctly it looks like.


@Boy132 commented on GitHub (Jul 12, 2024):

Because `127.0.0.1` is wrong, you need to set it to the cloudflare ips as described in the docs. At this point please visit the Discord for support.
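The trust-chain logic behind the reply above, as an added example that is not part of the original thread and is not Pelican's or Wings' own code: a generic right-to-left `X-Forwarded-For` resolver showing why trusting only the local reverse proxy yields the CDN edge address. The function name, the addresses and the `203.0.113.0/24` range are constructed stand-ins (documentation ranges), not real Cloudflare ranges.

```python
import ipaddress

# Constructed sample request: client -> CDN edge -> local reverse proxy -> panel.
PEER = "127.0.0.1"                      # TCP peer seen by the app (local proxy)
CHAIN = "198.51.100.7, 203.0.113.10"    # X-Forwarded-For: client, then CDN edge
CDN_RANGE = "203.0.113.0/24"            # stand-in for the CDN's published ranges


def client_ip(remote_addr, xff, trusted_cidrs):
    """Resolve the client address by walking the proxy chain right to left."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]

    def is_trusted(addr):
        ip = ipaddress.ip_address(addr)  # raises ValueError on garbage
        return any(ip in net for net in trusted)

    # The TCP peer is the only hop the application observes directly.
    # If it is not a trusted proxy, the header is ignored entirely.
    if not is_trusted(remote_addr):
        return remote_addr

    # Each proxy appends the address it saw, so the rightmost entries are the
    # hops nearest to the app. Everything left of the first untrusted hop is
    # client-controlled and is never consulted.
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    resolved = remote_addr
    for hop in reversed(hops):
        try:
            hop_is_trusted = is_trusted(hop)
        except ValueError:
            return resolved  # malformed entry: stop at the last verified hop
        resolved = hop
        if not hop_is_trusted:
            break
    return resolved


if __name__ == "__main__":
    # Only the local proxy trusted: resolution stops at the CDN edge.
    print(client_ip(PEER, CHAIN, ["127.0.0.1/32"]))
    # Local proxy and CDN range trusted: resolution reaches the client.
    print(client_ip(PEER, CHAIN, ["127.0.0.1/32", CDN_RANGE]))
    # A client-supplied leading entry does not change the result.
    print(client_ip(PEER, "10.9.9.9, " + CHAIN, ["127.0.0.1/32", CDN_RANGE]))
```

Listing every proxy hop explicitly also keeps client-supplied leading entries out of the logs, which a blanket trust setting would not.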


Reference: starred/panel#127