Subj : dlreq for web download
To   : Zip
From : opicron
Date : Mon Apr 21 2025 02:28 pm

 Zi> Speaking of HTTPS, I see that you have an nginx serving the dlreq page ove
 Zi> HTTPS. How do you make nginx preserve the client IP when forwarding the
 Zi> request to Mystic's web server? (As dlreq checks the client IP and refuses
 Zi> serve anything if the IP doesn't match.)

The nginx in question is the reverse proxy of Synology. So, in the HTML I change the http requests to HTTPS. The HTTPS requests are forwarded to the Mystic HTTP webserver again.

 Zi> I have HTTP on port 61080 leading directly to the Mystic HTTP web server, 
 Zi> similarly HTTPS on port 61443 leading to the Mystic HTTPS web server, and 
 Zi> experimenting a little with Apache (which runs all HTTPS stuff with the
 Zi> "real" SSL cert) to proxy certain URLs internally to 61443, but the client
 Zi> as seen by Mystic's web server will always be the loopback interface, so d
 Zi> denies the download requests when clicking on the file links.

Mystic runs in a docker on my synology and the IP of caller/webvisitor get forwarded by the DNS reverse proxy in all cases. I dont know the exact script/command for nginx as synology does it for me.

 Zi> Could be one of those things that are easy to do with nginx, but less so w
 Zi> Apache. :)

I believe it is, I vaguely remember having to do some IP forward some time ago. Wasn't it with x-headers? x-forward?
 
 Zi> (Hmm, maybe I would need to let Apache handle 61080 as well so that the
 Zi> "initial" dlreq requests comes from the loopback interface... Which would
 Zi> trash the client IP checking ability of dlreq, but anyway...)
 Zi> 
 Zi> Thanks in advance!

Hope it will be as easy as I had it. Didnt even know that dlreq validated the IP :).

oP!

.... Monday is the root of all evil!

--- Mystic BBS v1.12 A49 2024/05/29 (Linux/64)
 * Origin: TheForze - bbs.theforze.eu:23 (21:3/126)

.