Support for `Fly-Client-IP`?

Question

Support for `Fly-Client-IP`?

Closed this issue 2 years ago · 9 comments

This repo doesn't seem to work with Phoenix apps deployed to Fly.io, which is one of the larger Elixir webhosts. They instead provide a [Fly-Client-IP](https://fly.io/docs/reference/runtime-environment/#fly-client-ip) header. Would be cool if this project could support that, if possible.

Answer 1 · 2022-03-22T16:16:46.000Z

They do insert the client IP in X-Forwarded-For, but at the front, so it isn't returned by this library because of reasons described here #28

Answer 2 · 2022-03-22T19:05:44.000Z

Have you tried configuring headers: ["fly-client-ip"]? https://hexdocs.pm/remote_ip/RemoteIp.Options.html

Answer 3 · 2022-04-09T15:23:20.000Z

Adding headers: ["fly-client-ip"] works

Answer 4 · 2022-04-09T21:27:06.000Z

Thanks for confirming, @ivanpetrovic! I'll go ahead and close this issue, then.

Answer 5 · 2022-05-26T12:02:12.000Z

There's still a problem with socket connections where you need to use x headers.

Answer 6 · 2022-06-01T16:07:47.000Z

@bartblast What problem, specifically? I've never worked with Phoenix sockets.

RemoteIp.from/2 accepts all the same options as the plug, so in theory you could pass in headers: ["fly-client-ip"] from a Phoenix.Socket. But I guess Phoenix only gives you the headers that begin with "x-": https://github.com/phoenixframework/phoenix/blob/385bdebdcc879dfb06f02faa5bef7d5e0b97761c/lib/phoenix/socket/transport.ex#L528-L532 There's nothing RemoteIp can do about the headers Phoenix makes available; you'd have to bring it up with them.

If the Fly-Client-IP header wouldn't be added to a socket connection by Fly.io anyway, then you'll have to use a different header. Going through X-Forwarded-For, with its comma-separated values, you'll want to understand how the algorithm works and configure things accordingly. For even more depth, there's a brilliant article linked in #29, where we've also been having some discussions about implications for the future of the RemoteIp plug. (As is, the plug uses a single opinionated algorithm for the sake of security, but we're thinking about how to generalize it to allow other strategies.)

Answer 7 · 2022-06-21T10:59:16.000Z

RemoteIp.from/2 accepts all the same options as the plug, so in theory you could pass in headers: ["fly-client-ip"] from a Phoenix.Socket. But I guess Phoenix only gives you the headers that begin with "x-": https://github.com/phoenixframework/phoenix/blob/385bdebdcc879dfb06f02faa5bef7d5e0b97761c/lib/phoenix/socket/transport.ex#L528-L532 There's nothing RemoteIp can do about the headers Phoenix makes available; you'd have to bring it up with them.

Thanks for the thorough reply! Yes, I meant that x- headers only are passed in the Phoenix socket context.
Actually Fly.io puts the whole forwarded IP chain to the correct header, I managed to solve my problems by using the "proxies" option (the list of known proxies) thanks to which the lib ignores Fly.io proxy and fetches the correct remote IP.

Answer 8 · 2024-07-31T18:30:54.000Z

@bartblast Where did you find the proxies CIDRS or IPs for fly.io

Answer 9 · 2024-07-31T22:42:43.000Z

@codeadict You need to use the IP listed in the fly.io admin panel: (your app) > Overview > IP addresses. Or analyze the actual request headers, it should be included there as well.