The issue
I’m having trouble displaying the real client IP in the Flarum user interface under each user’s security settings (e.g., https://forum.com/u/user/security). I have set up Flarum behind a reverse proxy on a Synology NAS, which forwards requests to my Ubuntu server where Flarum is installed. The issue is that Flarum shows the IP of the NAS or server instead of the actual client IP.
What I Expected to See
I expected Flarum to display the client’s original IP address, not the server or proxy IP. The NAS proxy is configured to forward X-Forwarded-For and X-Real-IP headers, and I have confirmed that Apache receives the real client IP in X-Forwarded-For.
Steps Taken to Troubleshoot
Configured mod_remoteip in Apache:
Enabled mod_remoteip and configured /etc/apache2/conf-available/remoteip.conf with:
apache
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 192.168.1.10
Restarted Apache. Logs now show the correct client IP in the %a field, indicating that X-Forwarded-For is interpreted correctly by Apache.
PHP Test for REMOTE_ADDR:
Created a test file ip_test.php displaying $SERVER['REMOTE_ADDR'] and $SERVER['HTTP_X_FORWARDED_FOR']. REMOTE_ADDR reflects the real client IP, confirming that mod_remoteip is passing the IP correctly.
Attempted Code Modification in Flarum:
I searched Flarum’s middleware files to force it to use X-Forwarded-For but couldn’t locate where Flarum retrieves the client IP for user security settings.
Flarum information
vbnet
[Place the output of php flarum info here as requested in the template, to provide system details.]
Request for Assistance
Could someone guide me on where to adjust Flarum’s code to ensure it uses X-Forwarded-For as the client IP? Alternatively, is there an extension or configuration that allows Flarum to recognize the real client IP behind a reverse proxy setup?
Thank you for your assistance, and congratulations on the fantastic work with Flarum!
Flarum
1.8.8
PHP
8.3.6
MySQL
10.11.8-MariaDB
