ConfD User Community

How to get real IP from reverse proxy to ConfD

Hi,
Would like to know how does confd get to know the
real IP/External IP address instead of internal IP when reverse proxy is used.
Thanks,
Padma

Just to clarify your question.

Is ConfD behind reverse proxy (acts as server) and you would like to know client (connecting to ConfD) IP address?

If so, what is the scenario? Why is it needed?

We proxy ConfD’s RESTCONF API, @padma. We alert ConfD of the actual client details by adding the headers Via, X-Forwarded-For, X-Forwarded-Proto, X-Forwarded-Host, X-Forwarded-Server.

You can use these by configuring confd.conf according to the section Client IP via Proxy in the manual.

HTH!

Yes, for RESTCONF (HTTP), this is good approach. Described e.g. here

For other interfaces (north, south), some other mechanism (internal to scenario?) has to be used/invented to pass Client’s IP in the communication.

Thank you. We want to proxy ConfD webserver.
Yes, ConfD is behind reverse proxy (nginx acts as server) and would like to know HTTP/HTTPS client (connecting to ConfD) IP address.
And we use older version of ConfD. I see that in the latest version of ConfD, ‘Client IP via Proxy’ support is present but not in older version.
How do we achieve the same with old ConfD.

Upgrade :wink: Honestly though, not sure. Thinking plainly about HTTP proxying defined in the RFC, don’t think there’s any other way. Maybe there’s some ConfD-specific way, but I don’t know it.

Indeed. This functionality was added in ConfD 6.4.5, 6.5.2, and 6.6, all of which were released more than 2 years ago. Since then there has been 4 “major” (x.y) releases, with the current being 7.3 - so it’s not like the support is only present in the “latest” version.

No - without the proxy support, ConfD will just pick up the source address of the TCP connection (which is coming from the proxy) - there’s nothing else it can do.