Description
Hello, I have incorrect IPs in `bwdata/Identity/identity/*.txt`.
My config is a self-hosted BW behind a traefik proxy:
- 🟢 `bwdata/config.yaml` is correctly set up with the `real_ips` option CIDR
- 🟢 `bwdata/logs/nginx/access.log` is correctly logging the real end user's IP
- 🔴 `bwdata/Identity/identity/*.txt` remains logging the container's IP
My need is to activate a fail2ban to mitigate brute force
Checking quickly
`server/src/Core/Utilities/CoreHelpers.cs`, line 643 in 39f38f5:

```csharp
if (!globalSettings.SelfHosted && httpContext.Request.Headers.TryGetValue(RealConnectingIp, out var realConnectingIp))
```

It seems that realIP is read only for the non-self-hosted solution via the header `X-Connecting-IP`; otherwise you take the classic IP, thus the first hop.
Could you let me know how I could solve this case?
Regards
Edouard
Expected Result
Correct end user's IP
Actual Result
- correct IP in nginx logs
- incorrect IP in `bwdata/Identity/identity/*.txt` logs
Build Version
2025.10.0
Environment
Self-Hosted
Environment Details & steps to reproduce
Linux with a docker override:

```yaml
services:
  nginx:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.bitwarden-secure.rule=Host(`MY-PRETTY-DOMAIN`)"
      - "traefik.http.routers.bitwarden-secure.entrypoints=websecure"
      - "traefik.http.services.bitwarden-nginx.loadbalancer.server.port=8080"
      - "traefik.docker.network=web-net"
    networks:
      - webnet
      - default
networks:
  webnet:
    external: true
    name: web-net
```

config:

```yaml
url: https://MY-PRETTY-DOMAIN
generate_compose_config: true
generate_nginx_config: true
http_port:
https_port:
ssl: false
real_ips:
  - 172.16.0.0/12
```

then simulate a wrong login
Issue Tracking Info
- I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
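
For anyone building fail2ban rules on these logs, the sketch below shows the trusted-proxy rule that a `real_ips` CIDR expresses: a forwarded address is believed only when the hop that delivered it lies inside the trusted range. It is an added example, not part of the original issue and not Bitwarden's code; the function names, the use of `X-Forwarded-For` and all sample addresses are assumptions.

```python
import ipaddress

# Assumption: trusted proxy ranges, mirroring the real_ips entry in the config above.
TRUSTED_PROXIES = [ipaddress.ip_network("172.16.0.0/12")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True when addr parses as an IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def resolve_client_ip(peer_ip, x_forwarded_for=None, trusted=TRUSTED_PROXIES):
    """Return the address to log and ban on.

    peer_ip is the TCP peer of the connection (hypothetical parameter name);
    x_forwarded_for is the raw header value, or None when the header is absent.
    """
    # A direct peer outside the trusted ranges can put anything in the header: ignore it.
    if not is_trusted(peer_ip, trusted) or not x_forwarded_for:
        return peer_ip
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    # Walk from the hop nearest to us; each trusted proxy vouches for the entry to its left.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip  # malformed entry: fall back rather than log garbage
        if not is_trusted(hop, trusted):
            return hop  # first address not vouched for by a trusted proxy
    # Every hop was a trusted proxy: the leftmost entry is the best available answer.
    return hops[0] if hops else peer_ip


if __name__ == "__main__":
    # Constructed samples: (TCP peer, X-Forwarded-For header value)
    for peer, xff in [("172.18.0.5", "203.0.113.7"),
                      ("172.18.0.5", "10.0.0.1, 198.51.100.9"),
                      ("198.51.100.9", "192.0.2.44")]:
        print(peer, repr(xff), "->", resolve_client_ip(peer, xff))
```

Banning on the raw first hop blocks the proxy container for every user, while banning on an unvalidated header lets a client choose which address gets banned; the right-to-left walk avoids both.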