- Used Zammad version: 6.4.0 / 1592470089.65376a81.centos7
- Used Zammad installation source: (source, package, …) CENTOS package
- Operating system: centos-release-7-8.2003.0.el7.centos.x86_64
- Browser + version: Firefox, Chrome, Safari … it’s not browser dependent.
I’m running an external proxy / load balancer HAProxy in front of my Zammad installation. This proxy already adds a “X-Forwarded-For” header when if passes data to the backend, which is in this case my Zammad installation.
As the nginx config of Zammad also adds the “X-Forwarded-For”, Zammad always sees the IP address of my HAProxy (which connects to it) for all sessions instead of the real IP address which is added by my HAProxy.
I thought a proper solution is to remove the line which adds the X-Forwarded-For in the nginx of the Zammd VM, so the nginx config with commended X-Forwarded-For lines looks like that:
From theory nginx should now not change my X-Forwarded-For which is added by the HAProxy and leave the original X-Forwarded-For as it is. Unfortunately as soon as I comment out these two lines, Zammad does not work anymore and I just see a single text error line:
An unhandled lowlevel error occurred. The application logs may have details.
I’m pretty puzzled why that happens. How can I make Zammad not adding it’s own X-Forwarded-For and use the X-Forwarded-For which is added by my HAProxy in front of it to get the real session IP addresses?