I am trying to run a Quart app behind an NGINX reverse proxy, but need to be able to use the request.remote_addr to determine the ip address of the client connection. When doing this with Flask I've always used the werkzeug ProxyFix package here:
https://werkzeug.palletsprojects.com/en/2.0.x/middleware/proxy_fix/
My nginx config looks like this:
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
}
And then in the python code I'm using this route to test:
@app.route('/whatsmyip')
async def whatsmyip():
return request.remote_addr
When requests come through they always say the remote_addr is 127.0.0.1, because that's the ip of the nginx instance.
Any pointers to how to implement this with nginx+hypercorn+quart would be appreciated. 🙂
This is solvable by using the uvicorn.middleware.proxy_headers.ProxyHeadersMiddleware middleware, for example:
# app.py
from quart_trio import QuartTrio
from quart import request
from uvicorn.middleware.proxy_headers import ProxyHeadersMiddleware
app = QuartTrio(__name__)
app.asgi_app = ProxyHeadersMiddleware(app.asgi_app, trusted_hosts=["127.0.0.1"])
@app.route('/whatsmyip')
async def whatsmyip():
return request.remote_addr
This will process the X-Forwarded-For and X-Forwarded-Proto headers, allowing it to correctly work with this NGINX configuration running on the same server:
server {
server_name example.org;
# Snakeoil SSL configuration
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/snakeoil.conf;
location / {
proxy_pass http://127.0.0.1:5001;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
}
}
You don't even need to use Uvicorn to run the python app, as the middleware isn't dependent on running under uvicorn, so you can use Hypercorn:
hypercorn --worker-class trio --bind 127.0.0.1:5001 app.py