I’m having issues getting the real client IP to show up when using Nginx Proxy Manager with Unifi Network. I’ve tried adding the usual headers like X-Real-IP and X-Forwarded-For, but Unifi still logs the NPM server’s IP instead of the client’s.
I’ve put these in both the global and location blocks:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
But it’s not working. I’m wondering if Unifi might not be reading these headers right, or if there are other headers that could work better.
Has anyone here managed to get real client IPs showing up with Unifi or something similar? What did you do to make it work? I’m really stuck and could use some help figuring this out.
I’ve dealt with this exact problem before, and it can be incredibly frustrating. One thing that worked for me was adding the ‘real_ip_recursive’ directive to my Nginx configuration. This tells Nginx to look at the leftmost IP in the X-Forwarded-For header, which is typically the client’s real IP.
Try adding this to your Nginx config:
real_ip_recursive on;
real_ip_header X-Forwarded-For;
Also, make sure your Unifi Network application is configured to trust the IP of your Nginx Proxy Manager. Sometimes, applications ignore these headers if they don’t recognize the source as trustworthy.
If that doesn’t work, you might need to dig into Unifi’s logging configuration. Some apps have specific settings for handling reverse proxy setups that need to be enabled separately.
I’ve encountered similar issues with Nginx Proxy Manager and obtaining the real client IP. In my experience, the upstream application (in this case, Unifi) can sometimes misinterpret the headers, leading to the proxy’s IP being logged instead.
One configuration that helped me was adding the following directives to force Nginx to recognize the real IP:
real_ip_header X-Forwarded-For;
set_real_ip_from 0.0.0.0/0;
This explicitly instructs Nginx to use the X-Forwarded-For header and trust all connections. Additionally, confirm that Unifi is configured to read these headers correctly. If the issue persists, checking Unifi documentation for any specific proxy settings might provide further insights. Be cautious about the security aspects when trusting IPs from all sources.