If you have an Nginx reverse proxy in front of your Radix node then the Radix log file will show connections from 127.0.0.1
instead of the real IP address of the node you are connected to.
For example:
Auth handshake failed on {-> ?@127.0.0.1:57872 | AUTH_HANDSHAKE}: Handshake decryption failed (Invalid MAC)
After enabling the Proxy Protocol you will see the real ip logged:
Auth handshake failed on {-> ?@164.132.201.13:51752 | AUTH_HANDSHAKE}: Handshake decryption failed (Invalid MAC)
1. Enable the Proxy Protocol in your Radix configuration
Add the following line to the default.config
files:
network.p2p.use_proxy_protocol=true
2. Enable the Proxy Protocol in your Nginx configuration
Edit the nginx.conf
file (usually found in /etc/nginx
) and change the server block near the top of the file from:
server {
listen 30000;
proxy_pass 127.0.0.1:30001;
}
to
server {
listen 30000 proxy_protocol;
proxy_protocol on;
proxy_pass 127.0.0.1:30001;
}
Note: You may have different ports numbers/ip address in your configuration. Donât change these details - just append the proxy_protocol
directive to the listen
line and add the new proxy_protocol on;
line.
After making these changes, ensure your nginx configuration file is valid by running:
sudo nginx -t
# nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
# nginx: configuration file /etc/nginx/nginx.conf test is successful
3. Apply the Changes
You need to apply the changes at about the same time otherwise Radix will throw lots of exceptions.
sudo systemctl reload nginx
sudo systemctl restart radixdlt-node