Securely Configuring Nginx with Real IP for Private Network Access

Hello Render Community,

I’m working on setting up a web application on Render’s infrastructure, and I need to ensure that the instance is only accessible via our corporate VPN. To achieve this, I have configured an nginx proxy server to forward HTTP(S) traffic to my application server. My application server is on a Render private network.

I’m facing a challenge with the X-Forwarded-For header, which can be forged, potentially allowing unauthorized access to the application. I understand that I need to configure the set_real_ip_from directive in my nginx configuration to only trust the X-Forwarded-For header when it comes from Render’s load balancers.

I am looking for alternative solutions or best practices to ensure the security of my setup. Are there any recommended methods or configurations for securing the X-Forwarded-For header or other ways to restrict access to my application to only users connected to our corporate VPN?

I appreciate any guidance or suggestions that the community can provide. If you need further information or clarification, please let me know.

Thank you in advance for your assistance!

Hi Ryan,

We’ll continue to discuss this in the support ticket you have open and document any learnings here.



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.