mrkey148
IImmich
•Created by mrkey148 on 2/16/2025 in #help-desk-support
Understanding required headers to show real client ip in immich logs
Hello,
I have Immich setup behind a Traefik reverse proxy which is running in a VPS and proxying back to Immich via Tailscale. So it receives requests without any other proxies being involved. I would like to enable brute force detection with Crowdsec parsing my Immich log. I'm noticing when testing this that the failed auth's are attributed to the Tailscale ip address of the VPS rather than the real client ip.
Reading the Immich documentation I see that the headers
Host, X-Real-Ip, X-Forwarded-Proto, and X-Forwarded-For are required. Looking at Traefik's documentation it seems like they will set either X-Forwarded-For or X-Real-Ip but not both, and additionally will set X-Forwarded-Host instead of just Host. My own Traefik access logs seem to back this up.
So I guess my question is, for Immich to correctly attribute the client ip do the proxy headers need to be set exactly as it says in the documentation or is there anything I can do to have it work with what I'm getting from Traefik by default.
Thanks10 replies