Ryfujk

ELI5: Why do they say that Israel would have been the fourth country to land a spacecraft on the Moon and why do they call it low cost?

Do warforged have souls?

Sort list of array linked objects by keys and values

Would an alien lifeform be able to achieve space travel if lacking in vision?

Can the prologue be the backstory of your main character?

Simulating Exploding Dice

What do you call a plan that's an alternative plan in case your initial plan fails?

The following signatures were invalid: EXPKEYSIG 1397BC53640DB551

How to politely respond to generic emails requesting a PhD/job in my lab? Without wasting too much time

Typeface like Times New Roman but with "tied" percent sign

How does this infinite series simplify to an integral?

What information about me do stores get via my credit card?

Did God make two great lights or did He make the great light two?

Match Roman Numerals

Is it ok to offer lower paid work as a trial period before negotiating for a full-time job?

Road tyres vs "Street" tyres for charity ride on MTB Tandem

Finding the path in a graph from A to B then back to A with a minimum of shared edges

Was credit for the black hole image misattributed?

Change bounding box of math glyphs in LuaTeX

Did the UK government pay "millions and millions of dollars" to try to snag Julian Assange?

Am I ethically obligated to go into work on an off day if the reason is sudden?

How do I add random spotting to the same face in cycles?

The variadic template constructor of my class cannot modify my class members, why is that so?

Why can't wing-mounted spoilers be used to steepen approaches?

Nginx reverse proxy in docker container - wrong IP logged

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}

6

I am running Nginx in a Docker container as a reverse proxy using the configuration below. It basically redirects the request to another docker container running on the same machine

Problem

The problem is that the output in the access log states the wrong client IP address, specifically I get the IP of the Docker host 172.17.0.1:

172.17.0.1 - - [24/May/2016:19:50:18 +0000] "GET /admin/ HTTP/1.1" 200 19243 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0" "-"

I tried to follow the advice from this post regarding the set_real_ip_from directive but without any success.

Configuration

server {

    listen       8000 ssl;

    server_name  example.com;



    access_log  /var/log/nginx/host.access.log  main;



    ssl_certificate     /path/to/cert.pem;

    ssl_certificate_key /path/to/key.key;



    set_real_ip_from 172.17.0.1;

    real_ip_header X-Forwarded-For;

    real_ip_recursive on;



    proxy_set_header    Host $host:$server_port;

    proxy_set_header    X-Real-IP $remote_addr;

    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header    X-Forwarded-Proto $scheme;



    location / {

        proxy_pass  http://172.17.0.1:8100/;

    }

}

What am I missing here?

---

Edit:

I just realised that other people have a similar problem here and here but unfortunately no solution.

nginx docker

share|improve this question

edited May 26 '16 at 8:03

mincos

asked May 24 '16 at 20:24

mincosmincos

13113

bumped to the homepage by Community♦ 11 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

add a comment | 

6

I am running Nginx in a Docker container as a reverse proxy using the configuration below. It basically redirects the request to another docker container running on the same machine

Problem

The problem is that the output in the access log states the wrong client IP address, specifically I get the IP of the Docker host 172.17.0.1:

172.17.0.1 - - [24/May/2016:19:50:18 +0000] "GET /admin/ HTTP/1.1" 200 19243 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0" "-"

I tried to follow the advice from this post regarding the set_real_ip_from directive but without any success.

Configuration

server {

    listen       8000 ssl;

    server_name  example.com;



    access_log  /var/log/nginx/host.access.log  main;



    ssl_certificate     /path/to/cert.pem;

    ssl_certificate_key /path/to/key.key;



    set_real_ip_from 172.17.0.1;

    real_ip_header X-Forwarded-For;

    real_ip_recursive on;



    proxy_set_header    Host $host:$server_port;

    proxy_set_header    X-Real-IP $remote_addr;

    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header    X-Forwarded-Proto $scheme;



    location / {

        proxy_pass  http://172.17.0.1:8100/;

    }

}

What am I missing here?

---

Edit:

I just realised that other people have a similar problem here and here but unfortunately no solution.

nginx docker

share|improve this question

edited May 26 '16 at 8:03

mincos

asked May 24 '16 at 20:24

mincosmincos

13113

bumped to the homepage by Community♦ 11 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

add a comment | 

I am running Nginx in a Docker container as a reverse proxy using the configuration below. It basically redirects the request to another docker container running on the same machine

Problem

The problem is that the output in the access log states the wrong client IP address, specifically I get the IP of the Docker host 172.17.0.1:

172.17.0.1 - - [24/May/2016:19:50:18 +0000] "GET /admin/ HTTP/1.1" 200 19243 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0" "-"

I tried to follow the advice from this post regarding the set_real_ip_from directive but without any success.

Configuration

server {

    listen       8000 ssl;

    server_name  example.com;



    access_log  /var/log/nginx/host.access.log  main;



    ssl_certificate     /path/to/cert.pem;

    ssl_certificate_key /path/to/key.key;



    set_real_ip_from 172.17.0.1;

    real_ip_header X-Forwarded-For;

    real_ip_recursive on;



    proxy_set_header    Host $host:$server_port;

    proxy_set_header    X-Real-IP $remote_addr;

    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header    X-Forwarded-Proto $scheme;



    location / {

        proxy_pass  http://172.17.0.1:8100/;

    }

}

What am I missing here?

---

Edit:

I just realised that other people have a similar problem here and here but unfortunately no solution.

nginx docker

share|improve this question

edited May 26 '16 at 8:03

mincos

asked May 24 '16 at 20:24

mincosmincos

13113

server {

    listen       8000 ssl;

    server_name  example.com;



    access_log  /var/log/nginx/host.access.log  main;



    ssl_certificate     /path/to/cert.pem;

    ssl_certificate_key /path/to/key.key;



    set_real_ip_from 172.17.0.1;

    real_ip_header X-Forwarded-For;

    real_ip_recursive on;



    proxy_set_header    Host $host:$server_port;

    proxy_set_header    X-Real-IP $remote_addr;

    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header    X-Forwarded-Proto $scheme;



    location / {

        proxy_pass  http://172.17.0.1:8100/;

    }

}

share|improve this question

edited May 26 '16 at 8:03

mincos

asked May 24 '16 at 20:24

mincosmincos

13113

share|improve this question

edited May 26 '16 at 8:03

mincos

asked May 24 '16 at 20:24

mincosmincos

13113

asked May 24 '16 at 20:24

mincosmincos

13113

asked May 24 '16 at 20:24

mincosmincos

13113

1 Answer
1

active

oldest

votes

0

You need to set the X-Forwarded-For header (not X-Real-IP, that's even less standard) on the machine doing the proxying, and you need to tell whatever's receiving the request to trust that the XFF header is legit because it's coming from a known IP. The config you've got in your question is only for one machine, but it's got the config you need for both ends.

share|improve this answer

answered May 25 '16 at 7:50

womble♦womble

85.8k18145204

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you for your reply. I understand that both machines have to be configured but the log entry I posted above is from the proxying machine / docker container. So already that one does not get the proper IP address of the request but instead logs the IP of the docker host.
  
  – mincos
  May 26 '16 at 7:45
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f778798%2fnginx-reverse-proxy-in-docker-container-wrong-ip-logged%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

You need to set the X-Forwarded-For header (not X-Real-IP, that's even less standard) on the machine doing the proxying, and you need to tell whatever's receiving the request to trust that the XFF header is legit because it's coming from a known IP. The config you've got in your question is only for one machine, but it's got the config you need for both ends.

share|improve this answer

answered May 25 '16 at 7:50

womble♦womble

85.8k18145204

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you for your reply. I understand that both machines have to be configured but the log entry I posted above is from the proxying machine / docker container. So already that one does not get the proper IP address of the request but instead logs the IP of the docker host.
  
  – mincos
  May 26 '16 at 7:45
  

  
  
  
  

add a comment | 

0

You need to set the X-Forwarded-For header (not X-Real-IP, that's even less standard) on the machine doing the proxying, and you need to tell whatever's receiving the request to trust that the XFF header is legit because it's coming from a known IP. The config you've got in your question is only for one machine, but it's got the config you need for both ends.

share|improve this answer

answered May 25 '16 at 7:50

womble♦womble

85.8k18145204

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you for your reply. I understand that both machines have to be configured but the log entry I posted above is from the proxying machine / docker container. So already that one does not get the proper IP address of the request but instead logs the IP of the docker host.
  
  – mincos
  May 26 '16 at 7:45
  

  
  
  
  

add a comment | 

You need to set the X-Forwarded-For header (not X-Real-IP, that's even less standard) on the machine doing the proxying, and you need to tell whatever's receiving the request to trust that the XFF header is legit because it's coming from a known IP. The config you've got in your question is only for one machine, but it's got the config you need for both ends.

share|improve this answer

answered May 25 '16 at 7:50

womble♦womble

85.8k18145204

share|improve this answer

answered May 25 '16 at 7:50

womble♦womble

85.8k18145204

answered May 25 '16 at 7:50

womble♦womble

85.8k18145204

answered May 25 '16 at 7:50

womble♦womble

85.8k18145204