Infos:
- Used Zammad version: 5.3.0
- Used Zammad installation type: docker-compose with Traefik as reverse proxy
- Operating system: Debian
- Browser + version: Librewolf / Chromium
Expected behavior:
Zammad shows in Sessions and e.g. mails for new logins the real user IP and not the IP of the reverse proxy.
Actual behavior:
The IP of the reverse proxy is shown.
This topic isn’t new I know and the reason for made nginx X-Forwarded-Proto scheme & rails trusted proxies configurable by monotek · Pull Request #166 · zammad/zammad-docker-compose · GitHub, also in this community is a bunch of topics regarding it but I tried everything mentioned there.
The skeleton required is IMO
services:
zammad-init:
environment:
- RAILS_TRUSTED_PROXIES=['127.0.0.1', '::1']
zammad-nginx:
environment:
- VIRTUAL_HOST=helpdesk.domain.tld
- NGINX_SERVER_SCHEME=https
Only when I add in the RAILS_TRUSTED_PROXIES
the actual IP address of the reverse proxy (currently '192.168.192.2'
), the client IP is used as expected. But this local IP is of the docker network and can change every know and then so this isn’t a solution here. I tried to add 'traefik'
as mentioned in CSRF token verification failed · Issue #2829 · zammad/zammad · GitHub but this didn’t help but would be the solution IMO.
I also added the X-Forwarded-Proto
header to Traefik as a test but that didn’t help either.
Do you have a hint to solve or further troubleshoot this issue?