Your forum may work, but it has no security; anyone can log in and delete/steal the database. You need to set up your redis so that it has a password and restricts access to localhost.
@yariplus thank you so much.
I'm using HAProxy on a remote server to proxy traffic to NodeBB. I'm actually proxying using a subdir /forums and that part seems to work.
What isn't working is that everybody has the private IP address of the HAProxy server. What headers is NodeBB looking for to get the IP address?
Hey, just add some settings in haproxy. Take a look here https://serverfault.com/questions/331079/haproxy-and-forwarding-client-ip-address-to-servers
Yeah, I already have option forwardfor enabled.
This all works for Wordpress, which is why I was wondering if a different header is expected.
I'm seeing this IP for all users, which is obviously a private IP:
Also, despite having dozens of people online today, this is my forum traffic graph:
If I don't get an answer, I'll eventually dig into the code. Other matters are more pressing wrt my forums right now.
What's interesting is that the log file reports correct IP addresses for invalid email attempts.
There are two IPs that seem to get gathered in the code. One is req.ip from the Express middleware and the other is socket.ip from the websockets.
There's also this. Apparently if the port being used is 80 or 443 "trust proxy" is not enabled:
Otherwise it looks in
So, I guess this isn't documented? It's kinda documented that you shouldn't use 80 and 443 but this side-effect maybe isn't documented?
Yup, that fixed it.
to my config.json and everything is working as expected now. (I think)
Yeah, the idea is you should be using a reverse proxy to handle traffic and NodeBB should be listening on port 4567... if it's 4567 but port is not in url, then trust_proxy is automatically enabled.
Not sure if I follow this. But the logic in the code is that if it's any port aside from 80 and 443 then "trust proxy" is enabled. Or if "trust_proxy" is set to true in the config, then "trust proxy" is enabled.
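The rule discussed in this thread, as an added example that is not NodeBB or Express source code and not part of any post above. It models the port/trust_proxy decision as the last post describes it, then resolves the client address by walking X-Forwarded-For from the right against a list of known proxies, which is how Express behaves when "trust proxy" is given proxy addresses rather than plain true. The function names, the config object shape and all addresses are constructed for illustration.

```javascript
// Added illustration; not NodeBB or Express source code.
// Constructed sample addresses: 10.0.0.5 is the HAProxy host (private),
// 203.0.113.7 is a forum user, 198.51.100.9 is an unverified header value.

// Rule as described in the thread: "trust proxy" is enabled for any port
// other than 80/443, or when trust_proxy is true in config.json.
function trustProxyEnabled(config) {
  const port = Number(config.port);
  return config.trust_proxy === true || (port !== 80 && port !== 443);
}

// Address the application would record for a request.
//  - trust disabled: the TCP peer is used, so every user appears as the proxy.
//  - trust enabled: build the hop chain (X-Forwarded-For entries, then the
//    TCP peer), walk it from the right, and return the first address that is
//    not one of our own proxies. Entries further left were not written by a
//    proxy we control, so they are never reached.
function resolveClientIp(peerAddr, xffHeader, trusted, knownProxies) {
  if (!trusted) return peerAddr;
  const chain = (xffHeader || '')
    .split(',')
    .map((s) => s.trim())
    .filter(Boolean);
  chain.push(peerAddr);
  for (let i = chain.length - 1; i >= 0; i--) {
    if (!knownProxies.includes(chain[i])) return chain[i];
  }
  return chain[0]; // every hop is a known proxy: fall back to the furthest one
}

// The situation from the thread: NodeBB on port 80 behind HAProxy.
const proxies = ['10.0.0.5'];
const before = { port: 80 };                   // trust proxy off
const after = { port: 80, trust_proxy: true }; // explicit opt-in in config

for (const cfg of [before, after]) {
  const ip = resolveClientIp('10.0.0.5', '203.0.113.7', trustProxyEnabled(cfg), proxies);
  console.log(JSON.stringify(cfg), '->', ip);
}
```

When trust is enabled, the application port should be reachable only from the proxy, since the header is honoured for any peer that can connect to it.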