Without this, you cannot also restrict access by IP as AdGuard Home thinks it's only interacting with 172.17.0.1. AdGuard Home should have a setting for what IP to trust (as anyone else can also set that header to pretend to be another IP) that can send X-Forwarded-For (in this case, set the trusted source as 172.17.0.1) and use the header value as client's IP instead.Reverse proxy can send X-Forwarded-For: 1.2.3.4header to AdGuard Home.Currently AdGuard Home logs 172.17.0.1 as client IP no matter what the actual client IP is.Regarding plain DNS on port 53 and DoT, you cannot reverse proxy those like web servers do, so it's ok to take the client's IP as is, as client's IP is exposed to AdGuard Home even through NAT, but for DoH through a reverse proxy, the client that's directly accessing AdGuard Home would be the reverse proxy web server making it looking like all requests are coming from the reverse proxy but by utilizing that header, AdGuard Home can obtain the actual client's IP.Ĭlient (1.2.3.4) -> Reverse proxy (172.17.0.1) -> AdGuard Home I'm also using Linuxserver.io's SWAG Nginx container, and serving the web ui up via a reverse proxy ( ), but that's only for the web ui the regular adguard ports are still open to the host and all devices connect to the host's ip + port 53. Sample of client queries from Adguard (ALL client IP's are always the same): It's only showing the IP of Docker's network (10.0.0.2) for every single item. See real/actual IP of the client in the logs Actual Behavior It is a local platform and such relies on your local hardware instead of some cloud capability. on another windows pc I set it's nic to use that dns. AdGuard Home Wiki.js Home Assistant Installation instructions: Home Assistant is a very powerful open source home automation platform with a large community around it. Just setup through adg's settings, then put the host ip and port in the device I want to use adg. '/mnt/e/Docker/adguard/data:/opt/adguardhome/work:rw'
0 Comments
Leave a Reply. |