id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
2127	ngx_http_realip_module changes $remote_addr which leads to wrong ips in X-Forwarded-For received by upstream service	anveshagarwal@…		"I have a webapp under NGinx and another frontal load balancer, something like below (x.x.x.x = IP address):

Client(a.a.a.a) -> LB (b.b.b.b) -> NGX (c.c.c.c) -> WEBAPP (d.d.d.d)

Here is a snippet of my NGinx configuration:

location / {
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header  X-Real-IP       $remote_addr;
    real_ip_header    X-Forwarded-For;
    set_real_ip_from  b.b.b.b;
    real_ip_recursive on;
}
The load balancer add X-Forwarded-For field with client IP
X-Forwarded-For = a.a.a.a
NGinx search for client real IP in X-Forwarded-For header by omiting LB IP (b.b.b.b) and change $remote_addr from b.b.b.b to a.a.a.a so proxy_set_header X-Real-IP $remote_addr become true (OK that's what I want !)
BUT, NGinx also complete X-Forwarded-For header with a.a.a.a IP instead of b.b.b.b
WEBAPP receive the following headers:
X-Forwarded-For = a.a.a.a, a.a.a.a
X-Real-IP = a.a.a.a
-> X-Forwarded-For should be a.a.a.a, b.b.b.b

So here I am loosing info about my load balancer.

Right now for getting proper ips in my webapp I need to use a workaround of setting X-forwarded-for as:
proxy_set_header  X-Forwarded-For ""$http_x_forwarded_for, $realip_remote_addr"";

What I need is the ability to set first proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for and then search for real IP and replace $remote_addr value. Or maybe another variable similar to $proxy_add_x_forwarded_for which retains the load balancer ip.
"	defect	accepted	minor		nginx-module	1.19.x			anveshagarwal@…	Darwin local 20.1.0 Darwin Kernel Version 20.1.0: Sat Oct 31 00:07:11 PDT 2020; root:xnu-7195.50.7~2/RELEASE_X86_64 x86_64	1.19.6