HeliumTS is under pre-beta and active development. Expect bugs and breaking changes. If you find any issues, please report them in our GitHub
A stable release is planned for early December 2025.
Proxy Configuration for IP Detection
When deploying behind proxies (like Vercel, Cloudflare, AWS ALB, etc.), accurate client IP detection is crucial for rate limiting and connection limits. Without proper proxy configuration, the system might identify the proxy server's IP instead of the real client IP.
Configuration
Use the trustProxyDepth setting in your helium.config.ts:
1import type { HeliumConfig } from "heliumts/server";23const config: HeliumConfig = {4 trustProxyDepth: 1, // Set based on your deployment5};67export default config;
How It Works
Helium checks multiple headers to extract the client IP, in order of reliability:
CF-Connecting-IP- Cloudflare's guaranteed client IPTrue-Client-IP- Cloudflare Enterprise and AkamaiX-Real-IP- Set by Nginx and other proxiesX-Forwarded-For- Standard header containing IP chainreq.socket.remoteAddress- Direct connection IP (fallback)
Common Deployment Scenarios
Vercel / Netlify / Railway / DigitalOcean APPs
trustProxyDepth: 1
These platforms add one proxy layer.
Cloudflare → Your Server
trustProxyDepth: 1
Helium automatically uses the CF-Connecting-IP header.
Cloudflare → Nginx → Node.js
trustProxyDepth: 2
With two proxy layers (Nginx + Cloudflare).
Local Development
trustProxyDepth: 0 (Default)
No proxies in local development.
Security Considerations
- Setting trustProxyDepth Too Low: Rate limiting will apply to the proxy IP, affecting all users.
- Setting trustProxyDepth Too High: Potential security risk if
X-Forwarded-Foris spoofed.
Best Practice: Always set trustProxyDepth to match your exact proxy configuration.