Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

SSR Auth + CloudFlare

  • 0
  • Web
View on Discord
Camo
24 Jul, 2023, 11:36

I'm having problems with SSR auth, and Cloudflare proxy. I've tried https://discord.com/channels/564160730845151244/1109402256949903411 and added a list of ips. 127.0.0.1, 100.100.100.100, Only client side goes trough. If i disable proxy on CloudFlare everything works fine. I have nginx proxy manager locally on the server to get ssl and proxy to the domain. Any ideas?

TL;DR
User is having problems with SSR auth and Cloudflare proxy. They have tried adding a list of IPs but only the client side goes through when Cloudflare proxy is disabled. They have nginx proxy manager set up locally and have realized they were blocking user agents, which was causing the issue. They removed some entries from docker-compose.yml that were not necessary and will add trusted IPs in the docker compose file. They are having trouble after adding the trusted IPs again. The person helping suggests rebuilding containers and asks if they are getting real IP addresses from users or Cloudflare. The user checks and says Appwrite isn't working now. The person helping suggests
Camo
24 Jul, 2023, 11:37

@D5

Camo
24 Jul, 2023, 11:37

127.0.0.1 is local proxy, and 100.100.100.100 is the public ip of the server, just in case

Camo
24 Jul, 2023, 11:38

you can try it out on https://bash.lv/

Camo
24 Jul, 2023, 11:50

Seems i have found my error. I was blocking user agents I have a significant list there. One of them was apparently on the server side.

Camo
24 Jul, 2023, 11:53

And bot fight mode does block as well, just in case someone wants to know

Camo
24 Jul, 2023, 12:01

i've removed the entries from docker-compose.yml as they seem to not matter in my case(works perfectly fine with out them) --entryPoints.appwrite_web.forwardedHeaders.trustedIPs=127.0.0.1, 100.100.100.100 --entryPoints.appwrite_websecure.forwardedHeaders.trustedIPs=127.0.0.1, 100.100.100.100

D5
24 Jul, 2023, 12:19

Will make hit rate limit

D5
24 Jul, 2023, 12:25

You will need to add anyways in your docker compose file, under traefik section those 2 lines:

TypeScript
  --entryPoints.appwrite_web.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,0,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22

  --entryPoints.appwrite_websecure.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.996.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22
Camo
24 Jul, 2023, 12:25

roger that, will do, thank you man

Camo
24 Jul, 2023, 12:52

hmm after adding again won't work

Camo
24 Jul, 2023, 12:52

why do ranges differ?

D5
24 Jul, 2023, 12:52

Did you have run the docker compose command to rebuild containers?

Camo
24 Jul, 2023, 12:53

yeah ofc

D5
24 Jul, 2023, 12:53

Also are you getting real IP addresses from users or Cloudflare?

D5
24 Jul, 2023, 12:53

In the Appwrite dashboard, for example, Auth

Camo
24 Jul, 2023, 12:53

let me check

Camo
24 Jul, 2023, 12:54

appwrite isn't working now lol

D5
24 Jul, 2023, 12:54

Is it showing any errors?

Camo
24 Jul, 2023, 12:54

where did you get those ranges?

Camo
24 Jul, 2023, 12:54

https://www.cloudflare.com/en-gb/ips/

Camo
24 Jul, 2023, 12:55

i see other ips

Camo
24 Jul, 2023, 12:55

oh ok same ranges, but in different order

D5
24 Jul, 2023, 12:55

Yes

D5
24 Jul, 2023, 12:55

They have updated the order

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more