Bird
Raised Fist0
Nginxdevops~20 mins

Proxy headers in Nginx - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Proxy Headers Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
💻 Command Output
intermediate
2:00remaining
What is the effect of this Nginx proxy header configuration?
Given the following Nginx snippet inside a location block, what will be the value of the X-Forwarded-For header sent to the upstream server if the client IP is 192.168.1.10 and the original X-Forwarded-For header was 10.0.0.1?
Nginx
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
AX-Forwarded-For: 10.0.0.1, 192.168.1.10
BX-Forwarded-For: 192.168.1.10
CX-Forwarded-For: 192.168.1.10, 10.0.0.1
DX-Forwarded-For: 10.0.0.1
Attempts:
2 left
💡 Hint
Think about how $proxy_add_x_forwarded_for appends the client IP to the existing header.
🧠 Conceptual
intermediate
1:30remaining
Why is setting the Host header important in Nginx proxying?
When proxying requests with Nginx, why should you explicitly set the Host header using proxy_set_header Host $host;?
ATo disable caching on the upstream server.
BTo hide the client IP address from the upstream server.
CTo encrypt the request headers between Nginx and the upstream.
DTo ensure the upstream server receives the original requested hostname for proper routing or virtual hosting.
Attempts:
2 left
💡 Hint
Think about how web servers use the Host header to decide which site to serve.
Troubleshoot
advanced
2:00remaining
Why is the client IP not appearing correctly in the upstream logs?
You configured Nginx as a reverse proxy with this header:
proxy_set_header X-Real-IP $remote_addr;
But the upstream server logs show the proxy server's IP instead of the client IP. What is the most likely cause?
AThe <code>proxy_set_header</code> directive is syntactically incorrect.
BThe upstream server is not configured to log the <code>X-Real-IP</code> header and logs the connection IP instead.
CThe client IP is blocked by Nginx and replaced with the proxy IP.
DThe <code>X-Real-IP</code> header is overwritten by the client.
Attempts:
2 left
💡 Hint
Check how the upstream server obtains the client IP for logging.
Best Practice
advanced
1:30remaining
Which proxy header configuration best preserves the original client IP chain?
You want to forward the full chain of client IPs through Nginx to the upstream server. Which configuration is best?
Aproxy_set_header X-Forwarded-For '';
Bproxy_set_header X-Forwarded-For $remote_addr;
Cproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Dproxy_set_header X-Forwarded-For $http_x_forwarded_for;
Attempts:
2 left
💡 Hint
Consider how to append the new client IP to existing forwarded IPs.
🔀 Workflow
expert
3:00remaining
Order the steps to correctly configure Nginx to forward client IPs to an upstream server behind a load balancer.
Arrange these steps in the correct order to ensure the upstream server receives the real client IP when Nginx is behind a load balancer.
A2,1,3,4
B3,2,1,4
C2,3,1,4
D1,2,3,4
Attempts:
2 left
💡 Hint
Think about the data flow from client to load balancer, then Nginx, then upstream.

Practice

(1/5)
1. What is the main purpose of setting proxy headers like X-Real-IP in an nginx configuration?
easy
A. To encrypt the data between nginx and the client
B. To cache the client's request on nginx
C. To pass the original client's IP address to the backend server
D. To block unwanted IP addresses from accessing the server

Solution

  1. Step 1: Understand proxy headers role

    Proxy headers like X-Real-IP carry client info through nginx to backend servers.

  2. Step 2: Identify the purpose of X-Real-IP

    This header specifically passes the original client's IP address to the backend for logging or processing.

  3. Final Answer:

    To pass the original client's IP address to the backend server -> Option C

  4. Quick Check:

    Proxy headers pass client info = B [OK]
Hint: Remember: X-Real-IP shows client's real IP to backend [OK]
Common Mistakes:
  • Confusing proxy headers with encryption settings
  • Thinking proxy headers cache requests
  • Assuming proxy headers block IPs
2. Which of the following is the correct nginx directive to set the X-Forwarded-Proto header to the client's protocol?
easy
A. proxy_set_header X-Forwarded-Proto $scheme;
B. set_header X-Forwarded-Proto $protocol;
C. proxy_header X-Forwarded-Proto $scheme;
D. header_set X-Forwarded-Proto $protocol;

Solution

  1. Step 1: Recall nginx syntax for proxy headers

    The correct directive to set headers in nginx proxy is proxy_set_header.

  2. Step 2: Match variable for client protocol

    The variable $scheme holds the client's protocol (http or https).

  3. Final Answer:

    proxy_set_header X-Forwarded-Proto $scheme; -> Option A

  4. Quick Check:

    proxy_set_header + $scheme = A [OK]
Hint: Use proxy_set_header with $scheme for protocol header [OK]
Common Mistakes:
  • Using incorrect directive names like set_header
  • Using wrong variable names like $protocol
  • Mixing directive order or syntax
3. Given this nginx proxy configuration snippet:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

What will be the value of X-Forwarded-For if the client IP is 10.0.0.1 and the request passed through one proxy with IP 192.168.1.1?
medium
A. 10.0.0.1
B. 192.168.1.1, 10.0.0.1
C. 192.168.1.1
D. 10.0.0.1, 192.168.1.1

Solution

  1. Step 1: Understand $proxy_add_x_forwarded_for behavior

    This variable appends the $remote_addr (proxy IP seen by nginx) to the existing X-Forwarded-For header chain from previous proxies.

  2. Step 2: Order of IPs in X-Forwarded-For

    The chain lists the original client first, then proxy IPs appended. For client 10.0.0.1 via proxy 192.168.1.1, it becomes 10.0.0.1, 192.168.1.1.

  3. Final Answer:

    10.0.0.1, 192.168.1.1 -> Option D

  4. Quick Check:

    Client IP last in X-Forwarded-For = C [OK]
Hint: X-Forwarded-For lists original client first, then proxies [OK]
Common Mistakes:
  • Reversing IP order in X-Forwarded-For
  • Confusing X-Real-IP with X-Forwarded-For
  • Ignoring existing proxy IPs in header
4. You have this nginx config snippet:
proxy_set_header X-Real-IP $remote_addr
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

When reloading nginx, it fails with a syntax error. What is the problem?
medium
A. Missing semicolon at the end of the first proxy_set_header line
B. Incorrect variable name $proxy_add_x_forwarded_for
C. proxy_set_header cannot be used twice in one block
D. X-Real-IP header cannot be set manually

Solution

  1. Step 1: Check nginx directive syntax

    Each directive line must end with a semicolon in nginx configuration.

  2. Step 2: Identify missing semicolon

    The first line lacks a semicolon after $remote_addr, causing syntax error.

  3. Final Answer:

    Missing semicolon at the end of the first proxy_set_header line -> Option A

  4. Quick Check:

    Every directive needs semicolon = D [OK]
Hint: Always end nginx directives with semicolon [OK]
Common Mistakes:
  • Ignoring semicolon syntax rules
  • Assuming variable names are wrong without checking
  • Thinking headers can't be set multiple times
5. You want to ensure your backend server correctly logs the original client IP and protocol when nginx proxies requests. Which complete nginx proxy header configuration snippet achieves this?
hard
A. proxy_set_header X-Real-IP $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $protocol;
B. proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;
C. proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;
D. proxy_set_header X-Real-IP $remote_addr proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for proxy_set_header X-Forwarded-Proto $scheme

Solution

  1. Step 1: Verify correct variables for headers

    X-Real-IP should be $remote_addr, X-Forwarded-For uses $proxy_add_x_forwarded_for, and X-Forwarded-Proto uses $scheme.

  2. Step 2: Check syntax correctness

    Each directive must end with a semicolon; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; has correct syntax and variables.

  3. Final Answer:

    proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; -> Option B

  4. Quick Check:

    Correct vars + semicolons = A [OK]
Hint: Use $remote_addr, $proxy_add_x_forwarded_for, $scheme with semicolons [OK]
Common Mistakes:
  • Swapping variables between headers
  • Omitting semicolons causing errors
  • Using undefined variables like $protocol