Frontend Real IP Header Configuration

With the introduction of local account mechanisms in V1, accurate retrieval of the client’s real IP address is essential to prevent brute-force attacks on login endpoints (Web Application Firewall functionality).
This feature can be managed via /dashboard/settings/waf.

Configuration Scenarios

Depending on how the service is deployed, there are two primary configuration scenarios:

1. Direct Public Access to the Dashboard

Enable Use Direct IP in the settings. No additional configuration is required.

2. Deployment Behind a Web Proxy or CDN

Refer to the Reverse Proxy Configuration documentation.
The configuration examples utilize the nz-realip header for transmitting client IP addresses. You can either use this default header or define your own.
Ensure the proxy server is correctly set up to include the client IP in the custom header and forward it to the Dashboard.

Common Issues

Q1: What if a configuration error causes the Dashboard to be inaccessible or agents to disconnect?

Modify the Dashboard configuration file:
Locate the configuration file at /data/config.yaml and update the following entry:
yaml
```
realipheader: ""
```
Set the realipheader value to an empty string (""), save, and exit.
Restart the Dashboard service.
Access the Dashboard again and verify if the connection is restored.

Frontend Real IP Header Configuration ​

Configuration Scenarios ​

1. Direct Public Access to the Dashboard ​

2. Deployment Behind a Web Proxy or CDN ​

Common Issues ​

Q1: What if a configuration error causes the Dashboard to be inaccessible or agents to disconnect? ​