Fix X-Forwarded-For

Signed-off-by: Tommy <contact@tommytran.io>

etc/nginx/snippets/proxy.conf

@@ -18,7 +18,13 @@ proxy_set_header   Upgrade $http_upgrade;
 proxy_set_header   Connection "upgrade";
 
 # Enable X-Forwarded headers
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+## Using $proxy_add_x_forwarded_for will append the $remote_addr to the end of the the IP lists
+## If some clients sends a fake X-Forwarded-For, and the upstream server does not parses this
+## correctly, it could result in security issues.
+## We are not behind a reverse proxy, so just set it to $remote_addr should be good enough.
+proxy_set_header X-Forwarded-For $remote_addr;
+
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-Ssl on;
@@ -36,4 +42,4 @@ proxy_set_header X-Original-URI "";
 
 # Potentially dangerous: https://github.com/oauth2-proxy/oauth2-proxy/issues/735
 proxy_set_header X-Original-Method "";
-proxy_set_header X-Forwarded-Method "";
+proxy_set_header X-Forwarded-Method "";