Docker Community Forums

Share and learn in the Docker community.

Getting real IP inside container


So, I would like to run a service inside container which wil be accessible from outside (imagine like httpd). Everything works fine, but the IP of the “visitor” will always be I tried bridged and host mode and it’s the same.

I searched everywhere, but I could not find a single article about this issue …

My question is, what do I have to do, so the service inside container sees the real IP not the host IP?


PS: Docker is running on a server that is in the same network as my PC, but different device (like and The issue is also no different, if I access container from outside (via port forwarding).

without much knowledge about it I think the default way is to assume the hosts IP address plus a port number that can be assigned randomly or fixed, so you reach your container’s service under

this might also be a god read

I think you have misunderstood my issue.

For example I run Apache in container. When I access it for example with (IP of docker host in my network), the container sees me as, when it should display (my PC) or my external IP, if I access it externally (eg.

Second example. I run SSH inside container and I run command “who” from the client. Instead of getting my real IP, I get

I tried bridge and host most and the thing is the same.

Okay I found out, if I use --net=host then I get real visitor IPs. However, I would prefer using bridge mode, so I do not “contaminate” host with all ports that I don’t even need to be exposed outside of the container.

Is it possible to achieve that somehow?


(I’m replying to this old thread because somebody on the mailing list said they recently had a similar issue.)

Docker should report the real visitor IP address. For instance. this is a log line coming from a web server on one of my EC2 instances: - - [11/Feb/2017:14:32:34 +0000] "GET / HTTP/1.1" 200 728 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +" "-"

The server is using the official nginx image, without any kind of special customization.

I would suggest:

  • check your iptables rules (are you using any custom rule that might NAT the traffic?)
  • make sure you have a recent version of Docker (your initial post didn’t indicate the version that you’re using, and the version of the OS)

Note that in some scenarios (e.g. Docker Mac), there might be an extra translation layer hiding the real IP address of the client. If you want to know why, check this other post for a detailed explanation of Docker Mac’s VPNKit network layer.

I hope this helps.