Docker Community Forums

Share and learn in the Docker community.

Nginx cannot get to client IP?


Page 1 I’m a new user, I can only upload ‘one picture’ ‘two link’ at a time


Link

Description of the issue

I use “docker-compose up” to run the php-nginx cannot obtain the client IP, the display is the gateway IP.

I’ve searched a lot of options, but I can’t solve them.

Original ip is not passed to containers
[Unable to retrieve user’s IP address in docker swarm mode] link: https:/%/github.com/moby/moby/issues/25526)
[Real remote IP adress] link: https:/%/github.com/jwilder/nginx-proxy/issues/130)

Context information (for bug reports)

Output of “docker-compose version”

docker-compose version 1.21.1, build 7641a569
docker-py version: 3.2.1
CPython version: 3.6.4
OpenSSL version: OpenSSL 1.0.2k  26 Jan 2017

Output of “docker version”

Client:
 Version:      18.03.1-ce
 API version:  1.37
 Go version:   go1.9.5
 Git commit:   9ee9f40
 Built:        Thu Apr 26 07:12:48 2018
 OS/Arch:      windows/amd64
 Experimental: false
 Orchestrator: swarm

Server:
 Engine:
  Version:      18.03.1-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.5
  Git commit:   9ee9f40
  Built:        Thu Apr 26 07:22:38 2018
  OS/Arch:      linux/amd64
  Experimental: false

Output of “docker-compose config”

networks:
  lns-network:
    driver: bridge
services:
  nginx:
    image: nginx:1-alpine
    networks:
      lns-network: null
    ports:
    - published: 9000
      target: 80
    volumes:
    - E:\testip\web:/usr/share/nginx/html:rw
    - E:\testip\nginx.vh.default.conf:/etc/nginx/conf.d/default.conf:ro
  php:
    image: php:7-fpm
    networks:
      lns-network: null
    volumes:
    - E:\testip\web:/usr/share/nginx/html:rw
version: '3.6'

Steps to reproduce the issue

------------------------------------------ files S ------------------------------------------
file: ./docker-compose.yml

version: '3.6'

services:
  php:
    image: php:7-fpm
    volumes:
      - ./web:/usr/share/nginx/html
    networks:
      - lns-network
  nginx:
    image: nginx:1-alpine
    ports:
      - "9000:80"
    volumes:
      - ./web:/usr/share/nginx/html
      - ./nginx.vh.default.conf:/etc/nginx/conf.d/default.conf:ro
    networks:
      - lns-network
networks:
  lns-network:
    driver: bridge

file: ./nginx.vh.default.conf

server {
    listen       80;
    server_name  localhost;

    location / {
        root   /usr/share/nginx/html;
        index  index.php index.html index.htm;
    }
    
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    location ~* \.php$ {
        root            /usr/share/nginx/html;
        fastcgi_index   index.php;
        fastcgi_pass    php:9000;
        include         fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
    }
}

file: ./web/index.php

<?php
  phpinfo();

------------------------------------------ files E ------------------------------------------


Page 2 I’m a new user, I can only upload ‘one picture’ ‘two link’ at a time


Image are official.
Operating conditions:


This is a local access and mobile Access.But client IP is always gateway IP.


Page 3 I’m a new user, I can only upload ‘one picture’ ‘two link’ at a time


This is the network details:

Observed result

Get gateway IP

Expected result

Get Client IP

Additional information

Windows 10 1803(17134.112)



Attempt to obtain client IP:



Mode 1


When I use “host” network mode, I don’t know how to access my nginx.
./docker-compose.yml

version: '3.6'

services:
  php:
    image: php:7-fpm
    volumes:
      - ./web:/usr/share/nginx/html
    network_mode: "host"
  nginx:
    image: nginx:1-alpine
    volumes:
      - ./web:/usr/share/nginx/html
      - ./nginx.vh.default.conf:/etc/nginx/conf.d/default.conf:ro
    network_mode: "host"

docker-compose network_mode
ports


Page 4 I’m a new user, I can only upload ‘one picture’ ‘two link’ at a time


http://localhost/ cannot be accessed


Mode 2


host

I’m writing by this example, but I can’t run it.
./docker-compose.yml

version: '3.6'

services:
  php:
    image: php:7-fpm
    volumes:
      - ./web:/usr/share/nginx/html
    networks:
      hostnet: {}
  nginx:
    image: nginx:1-alpine
    volumes:
      - ./web:/usr/share/nginx/html
      - ./nginx.vh.default.conf:/etc/nginx/conf.d/default.conf:ro
    networks:
      hostnet: {}
networks:
  hostnet:
    external: true
    name: host

Page 5 I’m a new user, I can only upload ‘one picture’ ‘two link’ at a time


use docker-compose up


Page 6 I’m a new user, I can only upload ‘one picture’ ‘two link’ at a time


use docker stack


Mode 3


Authenticate proxy with nginx

I tried to add the following to the location ~* \.php$ { } on the ./nginx.vh.default.conf file.

proxy_set_header  Host              $http_host;   # required for docker client's sake
proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;

But the client IP obtained is still the gateway IP.

Tested today, using Linux to get the client IP right。
only test docker-compose up

You can’t get the source IP in replicated mode in the swarm. That’s been a known issue for a while now.

You can get around it by using host mode but that will prevent you from doing the swarm load balancing which means you need to have an external loadbalancer.

Thank you, I am a novice, I’m just trying to get real IP under Windows.
I thought Windows Docker and Linux is the same, I always use Windows, but not to get real IP, so to try to solve this problem.
I thought the Docker NIC can be a transparent proxy forwarding to get real IP, now seems to be just agent, no forwarding.

hello,
You need to set trusted proxy. In that case getClientIp() will use X-Forwarder-For header to get client IP address. -http: //symfony .com/doc/master/components/http_foundation/trusting_proxies.html
UC Browser Apk SHAREit Apk MX Player Apk

You can’t get the source IP in replicated mode in the swarm. That’s been a known issue for a while now. All you need is set a trusted proxy.

Kmspico ModelPapers

Hi!
Were you able to recover the real ip?

I had similar issue this is what i tried and it fixed my issue…

go to /etc/nginx/sites-available/ you will found default file where you had configured your servers like this.
server{
server_name example.com;
location / {
proxy_pass http://localhost:4000;
proxy_set_header X-Real-IP $remote_addr; <—Add this line
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; <—this line too
}
2.there will be one more file named proxy_params in /nginx folder make sure you have below lines in this file.

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Most important in your back-end code get the IP like this.
const ipAddress = req.headers[‘x-forwarded-for’] as string;
You can also check the request ip through this command.

$ sudo tail -f /var/log/nginx/access.log