Can't get IP address on failed login
Hi Folks,
I'm trying to setup crowdsec for my immich instance.
But, in the immich server logs, i can't get the IP address on failed login.
When i failed a login, I only get the following message:
[Nest] 7 - 08/01/2023, 8:09:32 PM WARN [AuthService] Failed login attempt for user [email protected] from ip address undefined
For information, Im using traefik as reverse proxy.
I tried with the traefik/whoami container to check the headers passed by the proxy, where i can see X-Real-IP or X-Forwarded-For with my IP.
However no luck in the immich server container.
Any idea how to solve this issue?
Thanks!10 Replies
Are you still using the immich-proxy container?
Technically, yes it's still running (haven't take the time to remove it) but i'm not going thru it, traefik sends directly to the web and server container.
Does traefik foward the real ip to the immich-server container?
You can reference this probably. You need to forward and set the right headers:
https://immich.app/docs/administration/reverse-proxy#adding-a-custom-reverse-proxy
normally it does.
I check the forwarded header using the traefik/whoami container (which merely displays the received headers) and both X-Real-IP and X-Forwarded-For and provided, with the real ip
actually this are all the header provided :
Hostname: aa4f30e7117d
IP: 127.0.0.1
IP: 172.18.0.15
RemoteAddr: 172.18.0.14:33520
GET / HTTP/1.1
Host: test.grutor.ovh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: fr;q=0.7
Cache-Control: max-age=0
Sec-Ch-Ua: "Not/A)Brand";v="99", "Brave";v="115", "Chromium";v="115"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Sec-Gpc: 1
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 192.168.0.70
X-Forwarded-Host: test.grutor.ovh
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: 83f5a075734b
X-Real-Ip: 192.168.0.70
This might be a bug actually.
https://github.com/immich-app/immich/pull/3515
great! i'll try to give a try!
Is there a way to try the PR? so i can tell you if it's working :p
I think there is a tag for
main, which has the latest code. That might work. Although it does have all the other changes since the last release as well. You might want to just wait until the release. Or, you can find and edit the file in the dist folder and change clientIp to IP and restart the container.
It would be in dist/immich/app.guard.jswell done! its working!
Sweet, thanks for reporting the issue
Not no thanks to all the people contributing to this amazing software!