We have a frontend app A (staticfile_buildpack) which forwards all REST requests to backend app B (nodejs-buildpack). How can we get the real client IP address in app B? I would expect to have the client IP in the x-forwarded-for header.
NGINX config of app A:
location ~ ^/rest/(.*)$ {
resolver 8.8.8.8 ipv6=off; # Google DNS
proxy_pass https://app-b.scapp.io/rest/$1$is_args$args;
Received request headers in app B:
host: 'app-b.scapp.io'
user-agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:66.0) Gecko/20100101 Firefox/66.0',
accept: '*/*',
accept-encoding: 'gzip, deflate, br',
accept-language: 'de,en-US;q=0.7,en;q=0.3',
b3: 'af89bc574dc6b9e7-af89bc574dc6b9e7',
referer: 'https://app-a.scapp.io/',
x-b3-spanid: 'some-id',
x-b3-traceid: 'some-id',
x-cf-applicationid: 'some-id',
x-cf-instanceid: 'some-id',
x-cf-instanceindex: '1',
x-forwarded-for: '100.106.226.30, 100.106.132.129', // Swisscom IPs?
x-forwarded-proto: 'https, https',
x-request-start: '1556521740817',
x-vcap-request-id: 'some-id'
The solution i finally choosed is to use a custom header as proposed by @RichardSmith. But it was imporant to use another name because my loadbalancer overrides the X-Forwareded-For header.