Simple question, difficult solution. I can’t work it out. I have a server at home with a site-to-site VPN to a server in the cloud. The server in the cloud has a public IP.

I want people to access server in the cloud and it should forward traffic through the VPN. I have tried this and it works. I’ve tried with nginx streams, frp and also HAProxy. They all work, but, in the server at home logs I can only see that people are connecting from the site-to-site VPN, not their actual source IP.

Is there any solution (program/Docker image) that will take a port, forward it to another host (or maybe another program listening on the host) that then modifies the traffic to contain the real source IP. The whole idea is that in the server logs I want to see people’s real IP addresses, not the server in the cloud private VPN IP.

  • tjr@innernet.link
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    You’re best off using the PROXY protocol assuming your application(s) support it.

    • MeowdyPardner@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      This is the solution. I reverse proxy from a digitalocean droplet running haproxy which sends traffic via send-proxy-v2, then I set the tunnel subnet as a trusted proxy ip range on traefik which is what haproxy hits through the tunnel, which causes traefik to substitute in the reverse proxied original ip so all my apps behind traefik see the correct public IP (very important for things like nextcloud brute force protection to work)

      • nickshanks@lemmy.worldOP
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Would this work for my use case? I just want a service to be able to see the real source IPs but still going through a proxy

      • witten@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        But I imagine this only works if TLS is terminated at HAProxy rather than Traefik, right? Otherwise how can HAProxy mess with the HTTP headers?