Docker overrides remote_addr and forwarded_for headers to the bridge network ip

dgrg · November 15, 2023, 1:43pm

As described in the title and in numerous posts on github and the docker community forums nginx is unable to fetch and log in the access.log the original requesting ip and the remote_addr and forrwarded_for headers are always equal to the docker network’s ip.

Is there any progress on rectifying this issue besides “hacky” approaches posted years ago.
I would like to avoid running in host mode or meddling with the iptables rules etc as suggested in some topics.

Thank you for your time.

meyay · November 15, 2023, 10:46pm

In order for a container to retain the source ip of a tcp/ip connection, it must either use the host network (=no network namespace isolation) or use a macvlan network (=bridge network into your lan, like a switch).

Docker swarm services can publish a container port to a host port in mode=host while still maintaining network namespace isolation using an overlay network, and still retain the source ip.

It has been like this for years.

Topic		Replies	Views
Network : Lost Host IP General docker	1	2830	October 28, 2015
Problem with docker container redirecting to docker container on different host General	2	577	October 25, 2023
Docker Swarm Nginx host configuration issue General docker	4	4104	January 16, 2023
Logging client IP address Swarm	1	4364	October 18, 2016
Cannot access container via external IP but can access via host IP with port General	1	4653	October 6, 2020

Docker overrides remote_addr and forwarded_for headers to the bridge network ip

Related topics