Wrong IP is banned with docker and nginx #369

New Issue

Closed

opened 2026-02-04 20:03:12 +03:00 by OVERLORD · 3 comments

OVERLORD commented 2026-02-04 20:03:12 +03:00

Owner

Copy Link

Originally created by @timaschew on GitHub (Aug 11, 2019).

I'm using dokku (docker + nginx) and bitwarden_rs is showing the internal IP which is used to ban. But the real IP is not shown in the bitwarden logs. Instead the nginx contains the IP (access_log), but the context is missing (if it was an successful login or not). There is only the timestamp which could be used, but both have a different format and is it possible at all to substitute the IP from another log file filtered by a converted timestamp?

nginx/bitwardn-access.log:

89.145.194.0 - - [10/Aug/2019:23:05:28 +0200] "GET /admin HTTP/2.0" 200 1830 "https://bitwardn.awspace.de/admin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36

bitwarden.log

[2019-08-10 20:58:54][bitwarden_rs::api::admin][ERROR] Invalid admin token. IP: 172.17.0.1

BTW: I tried both: with chain=FORWARD and without

Originally created by @timaschew on GitHub (Aug 11, 2019). I'm using dokku (docker + nginx) and bitwarden_rs is showing the internal IP which is used to ban. But the real IP is not shown in the bitwarden logs. Instead the nginx contains the IP (access_log), but the context is missing (if it was an successful login or not). There is only the timestamp which could be used, but both have a different format and is it possible at all to substitute the IP from another log file filtered by a converted timestamp? nginx/bitwardn-access.log: ``` 89.145.194.0 - - [10/Aug/2019:23:05:28 +0200] "GET /admin HTTP/2.0" 200 1830 "https://bitwardn.awspace.de/admin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 ``` bitwarden.log ``` [2019-08-10 20:58:54][bitwarden_rs::api::admin][ERROR] Invalid admin token. IP: 172.17.0.1 ``` BTW: I tried both: with `chain=FORWARD` and without

OVERLORD closed this issue 2026-02-04 20:03:17 +03:00

OVERLORD commented 2026-02-04 20:03:34 +03:00

Author

Owner

Copy Link

@dani-garcia commented on GitHub (Aug 11, 2019):

You need to make sure that the proxy is sending the X-Real-IP Header, otherwise it won't work correctly. Look at the example in the wiki: https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples#nginx-by-shauder

@dani-garcia commented on GitHub (Aug 11, 2019): You need to make sure that the proxy is sending the X-Real-IP Header, otherwise it won't work correctly. Look at the example in the wiki: https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples#nginx-by-shauder

OVERLORD commented 2026-02-04 20:03:37 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Aug 13, 2019):

@timaschew I have it setup the same as the link @dani-garcia posted.
I get for both the default login and /admin login the correct IP in both the bitwarden log and my nginx log.
The only thing which is a bit strange/out-of-standards is that the default login page returns a HTTP 400 and the admin token login returns a 303. Which i think should be 401 Unauthorized.

@BlackDex commented on GitHub (Aug 13, 2019): @timaschew I have it setup the same as the link @dani-garcia posted. I get for both the default login and /admin login the correct IP in both the bitwarden log and my nginx log. The only thing which is a bit strange/out-of-standards is that the default login page returns a HTTP 400 and the admin token login returns a 303. Which i think should be 401 Unauthorized.

OVERLORD commented 2026-02-04 20:03:45 +03:00

Author

Owner

Copy Link

@timaschew commented on GitHub (Aug 25, 2019):

Why bitwarden_rs is not using X-Forwarded-For which seems to be quite common?

Anyway, it works using X-Real-IP, thanks!

@timaschew commented on GitHub (Aug 25, 2019): Why bitwarden_rs is not using `X-Forwarded-For` which seems to be quite common? Anyway, it works using `X-Real-IP`, thanks!

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#369