From 67ef8f591e65316c6f6a54e0764833d107ca9242 Mon Sep 17 00:00:00 2001 From: Minit Date: Sun, 26 Apr 2026 15:51:36 +0530 Subject: [PATCH] =?UTF-8?q?fix(nginx):=20correct=20real=5Fip=5Fheader=20ty?= =?UTF-8?q?po=20X-Forward-For=20=E2=86=92=20X-Forwarded-For?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Forward-For is not a real HTTP header — the standard is X-Forwarded-For. With the typo, Nginx never replaces $remote_addr with the actual client IP, so rate limiting and IP logging see the proxy IP instead of the real client. Affects all three nginx configs (web, admin, space). --- apps/admin/nginx/nginx.conf | 2 +- apps/space/nginx/nginx.conf | 2 +- apps/web/nginx/nginx.conf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/admin/nginx/nginx.conf b/apps/admin/nginx/nginx.conf index 0fd4a192ae2..36f62812868 100644 --- a/apps/admin/nginx/nginx.conf +++ b/apps/admin/nginx/nginx.conf @@ -11,7 +11,7 @@ http { set_real_ip_from 0.0.0.0/0; real_ip_recursive on; - real_ip_header X-Forward-For; + real_ip_header X-Forwarded-For; limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s; access_log /dev/stdout; diff --git a/apps/space/nginx/nginx.conf b/apps/space/nginx/nginx.conf index c0fe3730d10..e6f15b1ee3a 100644 --- a/apps/space/nginx/nginx.conf +++ b/apps/space/nginx/nginx.conf @@ -11,7 +11,7 @@ http { set_real_ip_from 0.0.0.0/0; real_ip_recursive on; - real_ip_header X-Forward-For; + real_ip_header X-Forwarded-For; limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s; access_log /dev/stdout; diff --git a/apps/web/nginx/nginx.conf b/apps/web/nginx/nginx.conf index 34e07ba4beb..b6719971cde 100644 --- a/apps/web/nginx/nginx.conf +++ b/apps/web/nginx/nginx.conf @@ -11,7 +11,7 @@ http { set_real_ip_from 0.0.0.0/0; real_ip_recursive on; - real_ip_header X-Forward-For; + real_ip_header X-Forwarded-For; limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s; access_log /dev/stdout;