I am trying to put my FiveM server behind a reverse proxy.
The proxy by itself works fine when I join via cfx.re. There it neatly has the real IP of the player through.
However, when I connect via the proxy IP, this IP is not passed on so all players have the proxy IP according to the fivem server itself.
Does anyone have any idea how I can best solve this?
Thanks in advance
Weāre having the same issue.
Sadly, passing the real ip while using the setup from aformentioned github page only works when you connect via cfx.re proxy or via connect "https://your-server-address/" (note quoutes and https://, also port 443 has to be open and ssl cert has to be configured).
Followed your guide, same issue as above. Bubble on the discord mentioned that this is not possible on default port, but there are many servers doing it with default port.
We(at least I) just want to figure out why using full URL link including protocol works, but not plain domain without it.
Why does connect "http://proxy.server.com" and connect "https://proxy.server.com" works and simply connect proxy.server.com does notā¦
It will be easier for players to just type that, instead of copying whole link with https and putting it in quotes using f8.
Also, default 30120 port is used in the provided guide, which somehow tells us that this should wok on default port(and it does issue is with something else). We just want to follow it, set up proxy to forward real player IP when player uses domain without quotes.
ā¦ because āplain domain without itā turns into example.com:30120 which will just be performing a raw connection.
No, it shouldnāt in that sense, and this guide is written by some community member so shouldnāt be taken as authoritative. You should not be using the default port to ensure people donāt connect to your raw proxy by accident, and similarly it makes no real sense to put the HTTPS proxy on the same machine as the TCP/UDP proxy (or at least not have it behind another proxy such as CF or a Kubernetes ingress provider) as people who know the address to the protocol-aware port port can trivially just āattackā the other if thatās what your goal is here.
Again, there is no method or āsolutionā for adding a real-IP header to the raw port, nor can there possibly be as itās a raw port which is not and can not be protocol-aware.
Somewhat curious - why are you needing players to ātypeā anything anywhere? In fact, if correctly configured, join URLs do the same thing, as does the server list, so the use case here somewhat eludes me.
Yes, I have an idea that could help you solve this problem. It involves using the proxy protocol, which is a networking protocol that allows you to pass the real IP of the client to the server, even if the traffic is routed through a proxy. For example, I am using the proxies from https://shiftproxy.io for this, idk if it will work with others. This can be done by configuring the proxy to add a special header to all requests that contain the clientās IP address. Then, on the server side, you can use a library such as mod_proxy_protocol to read the header and extract the real IP address. I hope this helps, and good luck getting your FiveM server running behind a reverse proxy!