Nginx cannot get to client IP?


Page 1 I’m a new user, I can only upload ‘one picture’ ‘two link’ at a time


Link

Description of the issue

I use “docker-compose up” to run the php-nginx cannot obtain the client IP, the display is the gateway IP.

I’ve searched a lot of options, but I can’t solve them.

Original ip is not passed to containers
[Unable to retrieve user’s IP address in docker swarm mode] link: https:/%/github.com/moby/moby/issues/25526)
[Real remote IP adress] link: https:/%/github.com/jwilder/nginx-proxy/issues/130)

Context information (for bug reports)

Output of “docker-compose version”

docker-compose version 1.21.1, build 7641a569
docker-py version: 3.2.1
CPython version: 3.6.4
OpenSSL version: OpenSSL 1.0.2k  26 Jan 2017

Output of “docker version”

Client:
 Version:      18.03.1-ce
 API version:  1.37
 Go version:   go1.9.5
 Git commit:   9ee9f40
 Built:        Thu Apr 26 07:12:48 2018
 OS/Arch:      windows/amd64
 Experimental: false
 Orchestrator: swarm

Server:
 Engine:
  Version:      18.03.1-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.5
  Git commit:   9ee9f40
  Built:        Thu Apr 26 07:22:38 2018
  OS/Arch:      linux/amd64
  Experimental: false

Output of “docker-compose config”

networks:
  lns-network:
    driver: bridge
services:
  nginx:
    image: nginx:1-alpine
    networks:
      lns-network: null
    ports:
    - published: 9000
      target: 80
    volumes:
    - E:\testip\web:/usr/share/nginx/html:rw
    - E:\testip\nginx.vh.default.conf:/etc/nginx/conf.d/default.conf:ro
  php:
    image: php:7-fpm
    networks:
      lns-network: null
    volumes:
    - E:\testip\web:/usr/share/nginx/html:rw
version: '3.6'

Steps to reproduce the issue

------------------------------------------ files S ------------------------------------------
file: ./docker-compose.yml

version: '3.6'

services:
  php:
    image: php:7-fpm
    volumes:
      - ./web:/usr/share/nginx/html
    networks:
      - lns-network
  nginx:
    image: nginx:1-alpine
    ports:
      - "9000:80"
    volumes:
      - ./web:/usr/share/nginx/html
      - ./nginx.vh.default.conf:/etc/nginx/conf.d/default.conf:ro
    networks:
      - lns-network
networks:
  lns-network:
    driver: bridge

file: ./nginx.vh.default.conf

server {
    listen       80;
    server_name  localhost;

    location / {
        root   /usr/share/nginx/html;
        index  index.php index.html index.htm;
    }
    
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    location ~* \.php$ {
        root            /usr/share/nginx/html;
        fastcgi_index   index.php;
        fastcgi_pass    php:9000;
        include         fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
    }
}

file: ./web/index.php

<?php
  phpinfo();

------------------------------------------ files E ------------------------------------------


Page 2 I’m a new user, I can only upload ‘one picture’ ‘two link’ at a time


Image are official.
Operating conditions:


This is a local access and mobile Access.But client IP is always gateway IP.


Page 3 I’m a new user, I can only upload ‘one picture’ ‘two link’ at a time


This is the network details:

Observed result

Get gateway IP

Expected result

Get Client IP

Additional information

Windows 10 1803(17134.112)



Attempt to obtain client IP:



Mode 1


When I use “host” network mode, I don’t know how to access my nginx.
./docker-compose.yml

version: '3.6'

services:
  php:
    image: php:7-fpm
    volumes:
      - ./web:/usr/share/nginx/html
    network_mode: "host"
  nginx:
    image: nginx:1-alpine
    volumes:
      - ./web:/usr/share/nginx/html
      - ./nginx.vh.default.conf:/etc/nginx/conf.d/default.conf:ro
    network_mode: "host"

docker-compose network_mode
ports


Page 4 I’m a new user, I can only upload ‘one picture’ ‘two link’ at a time


http://localhost/ cannot be accessed


Mode 2


host

I’m writing by this example, but I can’t run it.
./docker-compose.yml

version: '3.6'

services:
  php:
    image: php:7-fpm
    volumes:
      - ./web:/usr/share/nginx/html
    networks:
      hostnet: {}
  nginx:
    image: nginx:1-alpine
    volumes:
      - ./web:/usr/share/nginx/html
      - ./nginx.vh.default.conf:/etc/nginx/conf.d/default.conf:ro
    networks:
      hostnet: {}
networks:
  hostnet:
    external: true
    name: host

Page 5 I’m a new user, I can only upload ‘one picture’ ‘two link’ at a time


use docker-compose up


Page 6 I’m a new user, I can only upload ‘one picture’ ‘two link’ at a time


use docker stack


Mode 3


Authenticate proxy with nginx

I tried to add the following to the location ~* \.php$ { } on the ./nginx.vh.default.conf file.

proxy_set_header  Host              $http_host;   # required for docker client's sake
proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;

But the client IP obtained is still the gateway IP.

Tested today, using Linux to get the client IP right。
only test docker-compose up

You can’t get the source IP in replicated mode in the swarm. That’s been a known issue for a while now.

You can get around it by using host mode but that will prevent you from doing the swarm load balancing which means you need to have an external loadbalancer.

Thank you, I am a novice, I’m just trying to get real IP under Windows.
I thought Windows Docker and Linux is the same, I always use Windows, but not to get real IP, so to try to solve this problem.
I thought the Docker NIC can be a transparent proxy forwarding to get real IP, now seems to be just agent, no forwarding.

hello,
You need to set trusted proxy. In that case getClientIp() will use X-Forwarder-For header to get client IP address. -http: //symfony .com/doc/master/components/http_foundation/trusting_proxies.html

Hi!
Were you able to recover the real ip?