Double NGINX configuration

I have tried to search for an answer but I have not yet found it.

At this moment I have it configured as follows:
Firewall – port forward 443 → NGINX Proxy server – Proxy 443 → Bitwarden (nginx) proxy server

I need this setup since I have multiple services running on 1 IP address.

For this example I will be using the following information:
Client IP: 123.12.1.5
proxy: 10.10.10.15
bitwarden: 10.10.10.20

Now, if I log in on the Bitwarden page I will get an e-mail saying I have logged in from: 10.10.10.15, even though my client IP address is 123.12.1.5.

I have already set up the following values in my nginx configuration, but it doesn’t seem to help:

    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_cache_revalidate on;
    proxy_cache my_cache;
    proxy_pass https://10.10.10.20/; # Bitwarden Server
    client_max_body_size 10M;
    proxy_set_header Host $host;

Is there someone who is able to help me with this configuration so I will actually get the IP address that I’m logging in from?

Out of curiosity, has anyone else had this issue, or does anyone know a solution for this? It could be a security “risk”, since I won’t know if it would be me logging in at that moment.


Not sure what self-hosted version you are using, but have you tried adding your local IP ranges to the “real_ips” setting in either config.yml or settings.env (depending on what version you are using)? I had a similar issue and this solved it for me. I also had to make sure that my reverse proxy passes the right headers through to nginx.

Thanks! It indeed was the real_ips. The only thing is it’s (for me) not really clear that I needed to configure this part.

Also, to configure this, it is good to know you need to configure it in Bitwarden in the config.yml (using my example) as follows:

    real_ips:
    - 10.10.10.15

Since just putting behind it will not make it work.
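
Why the `real_ips` entry changes the logged address, as an added example that is not part of the original thread and is not Bitwarden's or nginx's own code: a simplified Python model of the right-to-left rule a backend applies to `X-Forwarded-For` once the connecting proxy is on its trusted list. It uses the thread's addresses; the function name, the untrusted peer 10.10.10.99 and the spoofed value 203.0.113.9 are constructed for illustration.

```python
import ipaddress


def resolve_client_ip(peer_addr, x_forwarded_for, trusted_proxies):
    """Return the address a backend should record as the client.

    peer_addr       -- address of the TCP peer (the last hop)
    x_forwarded_for -- raw X-Forwarded-For header value ("" if absent)
    trusted_proxies -- IPs/CIDRs the backend trusts (the real_ips role)
    """
    trusted = [ipaddress.ip_network(p) for p in trusted_proxies]

    def is_valid(addr):
        try:
            ipaddress.ip_address(addr)
            return True
        except ValueError:
            return False

    def is_trusted(addr):
        return is_valid(addr) and any(
            ipaddress.ip_address(addr) in net for net in trusted)

    # An untrusted peer can put anything in the header, so ignore it.
    if not is_trusted(peer_addr):
        return peer_addr

    # Walk the header from the right: each entry was appended by the hop
    # after it, so stop at the first address that is not a trusted proxy.
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    candidate = peer_addr
    for hop in reversed(hops):
        if not is_valid(hop):
            break  # malformed entry: keep the last verified address
        candidate = hop
        if not is_trusted(hop):
            break
    return candidate


# Constructed cases using the thread's addresses.
# Proxy not trusted: the backend records the proxy itself.
print(resolve_client_ip("10.10.10.15", "123.12.1.5", []))
# Proxy listed, as with real_ips: the real client is recorded.
print(resolve_client_ip("10.10.10.15", "123.12.1.5", ["10.10.10.15"]))
# Client sent its own X-Forwarded-For; the proxy appended the real address.
print(resolve_client_ip("10.10.10.15", "203.0.113.9, 123.12.1.5",
                        ["10.10.10.15"]))
```

Listing only the proxy's own address, rather than a whole LAN range, keeps any other internal host from supplying a forged header that the backend would believe.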