If this IP address is set, Nginx does not check client certificates from a reverse proxy.

Default: ::ffff:192.168.1.10

For sensors reporting through the reverse proxy, the proxy must be configured with the client certificate and private key from the Carbon Black EDR server for the sensors.

In addition, the following headers should be set:

  • The X-Client-Cert-Id header must be set by the reverse proxy to the ID of the client certificate that the sensor uses.

  • The X-Real-IP header must be set to the correct address on the reverse proxy.

Details for the configuration and requirements for a reverse proxy are available from Broadcom Carbon Black Support.

Note:

The IPv4 address of a reverse proxy is in IPv6-wrapped format.

If the server has IPv6 disabled, use the IPv4 format for this configuration.