Getting real IP inside container

Hi,

(I’m replying to this old thread because somebody on the mailing list said they recently had a similar issue.)

Docker should report the real visitor IP address. For instance. this is a log line coming from a web server on one of my EC2 instances:

180.76.15.146 - - [11/Feb/2017:14:32:34 +0000] "GET / HTTP/1.1" 200 728 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" "-"

The server is using the official nginx image, without any kind of special customization.

I would suggest:

  • check your iptables rules (are you using any custom rule that might NAT the traffic?)
  • make sure you have a recent version of Docker (your initial post didn’t indicate the version that you’re using, and the version of the OS)

Note that in some scenarios (e.g. Docker Mac), there might be an extra translation layer hiding the real IP address of the client. If you want to know why, check this other post for a detailed explanation of Docker Mac’s VPNKit network layer.

I hope this helps.