How to display the client IP in the log?

[v2raye]

I installed v:0.107.2 using docker on VPS machine.
docker run --name adguardhome
--restart unless-stopped
-v /my/own/workdir:/opt/adguardhome/work
-v /my/own/confdir:/opt/adguardhome/conf
-p 53:53/tcp -p 53:53/udp
-p 4433:4433/tcp -p 4433:4433/udp -p 3000:3000/tcp
-p 853:853/tcp -p 853:853/udp
-d adguard/adguardhome
Port: 4433 for DOH, using nginx reverse proxy,

location /dns-query {
     proxy_http_version 1.1;
     proxy_set_header Host $http_host;
     proxy_buffering off;
     proxy_redirect off;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_pass https://IP:4433/dns-query;
 }

Now only the IP of the VPS is displayed, and the IP of the client in the log will not be displayed.

Read: DNS-over-HTTPS queries now use the real IP address of the client instead of the address of the proxy (#2799).I've tried various methods, but I can't solve it.

[gzlearm]

I also encountered this problem. The local host IP is displayed, and the client IP is not displayed

[v2raye]

@gzlearm I perused the AdguardHome Wiki again and found the answer.
Using with reverse proxy
We already have a guide on configuring a reverse proxy server for accessing AdGuard Home web UI.

Since v0.107.0 AdGuard Home is able to restrict DNS-over-HTTPS requests which came from the proxy server not included into "trusted" list. By default, it's configured to accept requests from IPv4 and IPv6 loopback addresses.

To enable AdGuard Home to handle DNS-over-HTTPS requests from a reverse proxy server, set the trusted_proxies setting in AdGuardHome.yaml to the IP address of the proxy server. If you have several proxy servers, you can use a CIDR instead of a simple IP address.

1.Editing AdGuardHome.yaml

2.Add your VPS IP address to trusted_proxies

Now it's working fine

[Turab]

This didn't work for me. All requests seem to be coming from 10.0.0.2

I edited the AdguardHome.yaml and added this to trusted proxies below the existing ones which then looked like:

  trusted_proxies:                                       
    - 127.0.0.0/8
    - ::1/128
    - 10.0.0.2

I also tried adding 10.0.0.0/8
Then I restarted the container (to make it load the conf file?). But all requests are still logged from the client 10.0.0.2

[Turab]

Any possible cause why this fix doesn't work for me? I checked nginx proxy conf and it looks ok:

            proxy_pass $upstream;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

[Turab]

My problem turned out to be caused by Firewall. I have Endian Firewall in front of the VPS and installed AdGuard Home on a container on this VPS. All the clients except of DoH seem to be having IP 10.0.0.2 which is actually the Endian Firewall's local IP.

I tried adding this to DNS servers:
[/0.10.in-addr.arpa/]192.168.233.1
192.168.233.1 is another local IP for the firewall. I also added 10.0.0.0/8 to trusted proxies. Still no luck. I don't get the real IP of the clients. Only thing changed is, very oddly, only some of the requests are logged like this:

10.0.0.2
someclientname

This someclientname is actually a DoH client which is configured to use AdGuard like https://example.com/dns-query/someclient. But that request actually did not come from someclient. And when the real someclient makes a request, it is correctly logged as someclient (45.12.75.23) with its real IP.

So now.. How to configure when behind a firewall?