Arvados

This story follows #8198, which started using X-Forwarded-For to detect and set the IP address of compute nodes. However, when determining the likely IP of the remote client, Rails filters out any private address. If nothing's left after that, it falls back to using $REMOTE_ADDR as before.

This means that when compute nodes themselves are on a private network (e.g., 10/8), the API server ultimately "detects" their IP address as Nginx's (usually 127.0.0.1), putting wrong information in the node record.

action_dispatch.trusted_proxies became configurable in Rails 4. If we do #7709, the administrator can fix this by setting trusted_proxies to only Nginx's IP address.