I have an external reverse proxy (nginx) pointing to my Zammad server (deb package, self hosted).
One of the minor problems is that client sessions are always being seen as my proxy server’s IP address.
This can be fixed by alterations to /opt/zammad/config/environments/production.rb, adding my proxy server’s IP address to the Trusted Proxy array.
# overwrite default Rails TRUSTED_PROXIES
# because otherwise IPs from private ranges will be
# ignored for Session logging and fall back to localhost
# see https://github.com/zammad/zammad/issues/742
config.action_dispatch.trusted_proxies = ['127.0.0.1', '::1', '<proxy.ip.addr.ess>]
https://github.com/zammad/zammad/issues/742 is the original (closed) ticket referring this.
However, the problem is that every packaged release/update then overrides changes made to this file. Is there any way that we can make this persistent?
Docker-Compose version has this: https://github.com/zammad/zammad-docker-compose/pull/166
GitLab (which is referenced as the source of the Issue 742 fix here: https://gitlab.com/gitlab-org/gitlab-foss/-/blob/0e1fc6e04c96ce989062e02d9e706031cea87c36/config/initializers/trusted_proxies.rb#L23) has the following:
gitlab_trusted_proxies = Array(Gitlab.config.gitlab.trusted_proxies).map do |proxy|
begin
IPAddr.new(proxy)
rescue IPAddr::InvalidAddressError
end
end.compact
Rails.application.config.action_dispatch.trusted_proxies = (
['127.0.0.1', '::1'] + gitlab_trusted_proxies)
Would it be possible to add a zammad_trusted_proxies somewhere that would be configurable and persistent? (in /etc/zammad/, perhaps?)