This PR checks if an X-Forwarded-For header is present and treats this as the remote IP. This supports scenarios where Evilginx is behind a reverse proxy, a scenario which may have some operational security benefits.

The default behavior of Evilginx is to register certificates for subdomains on the fly. While convenient, this can hurt us if the target proactively monitors certificate transparency logs for brand impersonation attempts. To mitigate this, we can run Evilginx2 in developer mode (which will only generate the certs locally) and then front it with Nginx redirector, using a wildcard certificate and subdomain.

We would configure *.example.com DNS record and request a wildcard certificate (and a wildcard cert for any subdomains we may want to use as well, e.g *.phish.example.com).

An example nginx configuration may look like:

server {
	listen 443 ssl;
	server_name example.com;
	root /var/www/html;

	ssl_certificate /etc/nginx/pki/fullchain.cer;
	ssl_certificate_key /etc/nginx/pki/example.com.key;

	location / {
			set $backend_name evilginx;
			proxy_pass https://<evilginx_server_ip>:443;
			proxy_ssl_server_name on;
			proxy_ssl_name $host;
			proxy_set_header Host $host;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
}