generated from coop-cloud/example
Peertube does not understand the proper public IP address #7
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
I am not sure this is an issue? It seems like it might be?
That is odd,
trust_proxy
already contains the whole10.0.0.0/8
block, see: https://git.autonomic.zone/coop-cloud/peertube/src/branch/main/compose.yml#L47it looks like the
PEERTUBE_TRUST_PROXY
environment variable is not read or not taken into accountThanks for looking at this. I see that it is still around in the codebase (via https://github.com/Chocobozzz/PeerTube/search?q=PEERTUBE_TRUST_PROXY) but I do remember having some issues with this. Is the
[...]
passed actually as a list to the config file? Maybe we should just hard code this in the file and not pass it via the env var?afaiu, it is passed as a string to the config file and it is then parsed as a json list further down. I'll try and debug it asap.
yeah, that would work, although I believe we should allow it to be overriden for anyone hosting behind a reverse proxy on the outside of the swarm.
Ok, so I just tested this and it works fine on a fresh VM,
X-Forwarded-For
is interpreted correctly, which meansPEERTUBE_TRUST_PROXY
is read properly.It must be that you're coming through docker-proxy, which operates as a TCP reverse proxy and thus, cannot tell anything downstream about the client IP address.
In any case, peertube will only be able to get the client IP address if the client connects to traefik "directly" (without going through docker-proxy) which means in our case, using IPv4 and with traefik configured with TCP ports published in host-mode (called host mode networking in our traefik config).
I hope that doesn't make this even more confusing haha.
Right yep, that makes sense! Thanks for testing it out. I was not using host mode networking in my setup. Should that be the recommended setup? As I see it from the warning given by Peertube, the consequences could be a pretty broken Peertube?
I think so, yeah (also for performance reasons and to have traefik reachable from IPv6)