Hi,
I recently set up a NodeBalancer in front of a Rails 3.2.12 app.
The app is served by nginx and Unicorn.

All seems to work fine, but I get a lot of errors such as theses that I didn't get when I only had 1 server.

IP spoofing attack?!HTTP_CLIENT_IP="10.16.81.184"HTTP_X_FORWARDED_FOR="136.160.88.153, 192.168.255.5"
actionpack (3.2.12) lib/action_dispatch/middleware/remote_ip.rb:55:in `calculate_ip'

Here is my nginx configuration for the app.

upstream unicorn {
server unix:/tmp/unicorn.ahotu-calendars.sock fail_timeout=0;
}

server {
listen 80 default deferred;
root /home/deployer/apps/appdirectory/current/public;
if (-f $document_root/system/maintenance.html) {
return 503;
}
error_page 503 @maintenance;
location @maintenance {
rewrite ^(.*)$ /system/maintenance.html last;
break;
}

location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}

try_files $uri/index.html $uri @unicorn;
location @unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}

error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}

Did I do something wrong?

Thank you

Looks like Rails having trouble with 2 X-Forward-For addresses.

The nodebalancer adds an X-Forwarded-For header, that they haven't document despite me bugging them about it numberious times.

In my nginx setup I've got the following in a server that replaces the source IP for only the nodebalancer. I don't know if it removes the proxy header:

real_ip_header X-Forwarded-For;
set_real_ip_from 192.168.255.0/24;

If you still have problems try to overwride the X-Forwarded-For rather than adding an address.

Finally documented: https://library.linode.com/nodebalancers/reference