8000 No real ip behind haproxy 0.0.15 · Issue #369 · mjl-/mox · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
No real ip behind haproxy 0.0.15 #369
New issue
New issue
Open
Open
No real ip behind haproxy 0.0.15#369
@vooon

Description

@vooon
vooon
opened on Jul 2, 2025

Hello,

I'm trying to setup Mox behind the HAproxy, UI/MTA-STS/... works, but seems Mox not processing X-Forwarded-For / X-Real-IP because in logs and account client ip is 127.0.0.1.

mox.conf is like that:

Listeners:
	internal:
		AccountHTTP:
			Enabled: true
			Port: 1080
			Forwarded: true
		AdminHTTP:
			Enabled: true
			Port: 1080
			Forwarded: true
		WebmailHTTP:
			Enabled: true
			Port: 1080
			Forwarded: true
		WebAPIHTTP:
			Enabled: true
			Port: 1080
			Forwarded: true

haproxy.cfg:

frontend https
  mode http
  bind :443 ssl alpn h2,http/1.1 crt /etc/acme/haproxy/
  # bind quic4@:443 ssl alpn h3 crt /etc/acme/haproxy/
  # http-after-response add-header alt-svc 'h3=":443"; ma=60'
  option forwardfor
  http-request set-header X-Real-IP %[src]
  http-request set-header X-Forwarded-Proto https
  http-response set-header Strict-Transport-Security "max-age=2592000"

  use_backend mox-ui          if { hdr(host) -i mx.foo } OR { hdr(host) -i mail.foo }
  use_backend mox-autoconf    if { hdr(host) -i mta-sts.foo } OR { hdr(host) -i autoconfig.foo }
  default_backend barbrady

backend mox-ui
  mode http
  server localhost 127.0.0.1:1080 check

backend mox-autoconf
  mode http
  server localhost 127.0.0.1:1081 check

I've tried to sniff http, and can confirm that the headers present.
The only noticeable thing - they are in lower case, like in HTTP/2, i.e. x-forwarded-for: <ip>.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0