# Get Public IP of the user with NestJS
When your NestJS application is behind a reverse proxy, you may need to enable the "trust proxy" option in Express or Fastify, depending on your server.
In Express, you can enable the trust proxy option using the app.set() method.
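```ts
import { NestFactory } from '@nestjs/core';
import { NestExpressApplication } from '@nestjs/platform-express';
import { AppModule } from './app.module';

async function bootstrap() {
  // The Express application type is required for app.set() to type-check
  const app = await NestFactory.create<NestExpressApplication>(AppModule);
  app.set('trust proxy', true); // <----
  await app.listen(3000);
}
```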
If you're using Fastify, you can enable the trustProxy option in FastifyAdapter.
```ts
import { NestFactory } from '@nestjs/core';
import { FastifyAdapter, NestFastifyApplication } from '@nestjs/platform-fastify';
import { AppModule } from './app.module';

async function bootstrap() {
  const app = await NestFactory.create<NestFastifyApplication>(
    AppModule,
    new FastifyAdapter({
      trustProxy: true, // <----
    }),
  );
  await app.listen(3000);
}
```
By enabling the "trust proxy" option, Express/Fastify will trust the X-Forwarded-For header and consider it the client's IP address.
Suppose you use the @nestjs/throttler module to rate-limit users and protect applications from brute-force attacks.
In that case, besides enabling the "trust proxy" option, you should override the getTracker() method to pull the value from the header rather than from req.ip.
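```ts
// throttler-behind-proxy.guard.ts
import { ThrottlerGuard } from '@nestjs/throttler';
import { Injectable } from '@nestjs/common';

@Injectable()
export class ThrottlerBehindProxyGuard extends ThrottlerGuard {
  // Use the first forwarded address when present, otherwise the direct peer address
  protected getTracker(req: Record<string, any>): string {
    return req.ips.length ? req.ips[0] : req.ip; // individualize IP extraction to meet your own needs
  }
}
```

```ts
// app.controller.ts
import { Controller, UseGuards } from '@nestjs/common';
import { ThrottlerBehindProxyGuard } from './throttler-behind-proxy.guard';

// Apply the proxy-aware throttler guard to every route of this controller
@UseGuards(ThrottlerBehindProxyGuard)
@Controller()
export class AppController {}
```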
we use express, set doesn't exist on type of app
oh, I needed to set nest application type
still getting private ip instead of public ip
is your application being served behind a public IP address? 
are you aware of what sits between the users and your application and how the user's traffic reaches it? reverse proxies, firewalls, weird cloud configurations, ...?
does the reverse proxy add an X-Forwarded-For header to indicate where the original request came from?
To be honest, I don't know, all I can say is that backend is deployed on aws s3 with docker, and frontend is just a nextjs application deployed on vercel
and there isn't any proxy between the services, at least no proxy I set up or any of my colleagues
geoip might help?
is an actual user sending the request, or is the next js app doing a local request with SSR?
To be honest, I don't know
you don't have any idea what is the traffic flow? How does a user's traffic reach your application?
what will happen if you print the request headers?
like I'm getting private ip even when I use swagger or postman, no matter if it's SSR request or user event triggered query, every time we get the same private ip
can you print out the request headers?
I'll send it here when I come back from the store
I sent you a private message in case something sensitive is there
that doesn't contain any sensitive information, and please post it here so others answer you, as I don't have much experience with aws products
Ok, so our DevOps made some changes in backend proxy configuration (didn't tell us what he has done) and now it's working
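
How the address an app sees depends on the "trust proxy" setting from the first answer, and why a private IP shows up as discussed in the thread. This is an added example, not part of the original thread and not Express or NestJS code: a simplified TypeScript model of Express's hop-count behaviour. The function names and all addresses are constructed for illustration.

```typescript
// Simplified model of Express's hop-count handling of 'trust proxy'.
// Added example: not Express, NestJS or thread code. Addresses are constructed.

// Split an X-Forwarded-For value into its addresses, left (farthest) to right (nearest).
function parseForwardedFor(header: string | undefined): string[] {
  if (!header) return [];
  return header
    .split(',')
    .map((part) => part.trim())
    .filter((part) => part.length > 0);
}

// trustedHops: 0 models 'trust proxy' disabled, Infinity models `true`,
// n models app.set('trust proxy', n).
function resolveClientIp(
  socketAddr: string,
  xForwardedFor: string | undefined,
  trustedHops: number,
): string {
  // Nearest hop first: the TCP peer, then the header read right to left.
  const chain = [socketAddr, ...parseForwardedFor(xForwardedFor).reverse()];
  // Skip one address per trusted hop; the next address is taken as the client.
  const index = Math.min(trustedHops, chain.length - 1);
  return chain[index] ?? socketAddr;
}

// Constructed scenario: one load balancer at 10.0.1.23 appends the peer it saw
// (203.0.113.7) to a header value that arrived with the request (192.0.2.99).
const LB = '10.0.1.23';
const HEADER = '192.0.2.99, 203.0.113.7';

function scenarios(): Record<string, string> {
  return {
    // Trust disabled: the app sees only the load balancer's private address.
    trustOff: resolveClientIp(LB, HEADER, 0),
    // One trusted hop: the address the load balancer itself observed.
    oneHop: resolveClientIp(LB, HEADER, 1),
    // Trust everything: the leftmost entry, which no trusted proxy wrote.
    trustAll: resolveClientIp(LB, HEADER, Infinity),
    // Proxy adds no header: the private address, whatever the setting.
    noHeader: resolveClientIp(LB, undefined, Infinity),
  };
}
```

For a rate-limit key such as `getTracker()`, setting the hop count to the number of proxies you operate keeps the key to an address one of those proxies observed.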