Hi
I have a nginx reverse proxy forwarding request to the backend service which is running in a container. The service is Nextcloud.
I’ve set up Crowdsec agent with collections Nextcloud and nginx.
But as far as I see, the nginx parsing is not working due to the container’s proxy (and probably would also not work with the original proxy).
This is what I see:
a) The log entry on the reverse proxy itself (before proxying to the backend service):
46.126.202.xxx - - [08/Mar/2022:17:21:18 +0100] "GET /index.php/204 HTTP/2.0" 204 0 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.19.0"
b) The same request as arrived on the backend system where the Crowdsec agent is running:
10.0.2.100 - - [08/Mar/2022:16:21:18 +0000] "GET /index.php/204 HTTP/1.1" 204 0 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.19.0" "46.126.202.xxx"
10.0.2.100 is the podman network, I assume docker is doing this similar. The original requester’s ip is now at the end of the log entry.
What is the best way to get the detection of the ip fixed for the nginx scenarios?