X-Forwarded-For not logged/honored in logs #25

Closed
rmonk opened this issue Feb 28, 2022 · 3 comments

@rmonk

rmonk commented Feb 28, 2022

I'm running the ':latest' release of the container, and I see that the logs show my reverse proxy (haproxy running on another host) as the source IPs. I have the following config in haproxy:

    backend webdav
        server [REDACTED] 192.168.1.5:8082
        option forwardfor
        http-request set-header X-Real-IP %[src]

And the proxy logs still seem to show the proxy IP instead of the "real" IP. I confirmed the proxy is sending correct headers with tcpdump. Is there a setting I need to adjust to tell nginx to log those, or do I have to rebuild the container with the tweaked log configuration?

@dgraziotin
Owner

Since I compile with --with-http_realip_module, you can use the module to specify which is the "real IP" header. No need to rebuild the image. Fetch the /etc/nginx.conf from the running container, add the instructions, and mount it when relaunching the container.

Alternatively, you could use the same method to change the log format, to log the X-Real-IP somewhere.

@rmonk
Author

rmonk commented Mar 1, 2022

Thanks! I added:

    set_real_ip_from [PROXY_IP];
    real_ip_header    X-Forwarded-For;
    real_ip_recursive on;

mounted it within the container and it's working perfectly. Thank you very much!

It might be a bit complex, but it would be awesome if there was an environment variable setting for that, so I could keep your "stock" nginx config and just say "accept forwarded headers from X".

Maybe have something like:

    http {
      server {
        include custom_server_options.conf;
    ...

And then that file is empty by default. Then folks can mount /etc/nginx/custom_server_options.conf and include their own config and still keep yours.
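
How the three directives in the comment above decide which address ends up in the log, as an added example that is not part of the original thread or the project's code: a simplified Python model of the realip selection, showing that the header is only honored for connections from a `set_real_ip_from` address and why that list should stay narrow. The function name and all addresses are constructed for illustration, and the model assumes the proxy appends the connecting address as the last X-Forwarded-For entry; ports and multiple header lines are not modeled.

```python
import ipaddress


def resolve_client_ip(peer, xff, trusted, recursive=True):
    """Simplified model of nginx realip address selection.

    peer      -- address of the TCP connection nginx accepted
    xff       -- raw X-Forwarded-For value (real_ip_header)
    trusted   -- addresses/CIDRs listed in set_real_ip_from
    recursive -- real_ip_recursive on/off
    """
    nets = [ipaddress.ip_network(t, strict=False) for t in trusted]

    def is_trusted(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in nets)

    # The header is honored only when the connection comes from a trusted proxy.
    if not xff or not is_trusted(peer):
        return peer

    addr = peer
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):           # walk right to left
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break                        # unparsable entry: keep last good address
        addr = hop
        if not recursive or not is_trusted(addr):
            break                        # first address no proxy vouches for
    return addr


# Constructed sample values (documentation address ranges, not from the issue).
PROXY = "192.0.2.10"
CLIENT = "203.0.113.7"
FORGED = "198.51.100.99"

if __name__ == "__main__":
    cases = {
        "via proxy": (PROXY, CLIENT, [PROXY]),
        "forged entry, proxy appended client": (PROXY, f"{FORGED}, {CLIENT}", [PROXY]),
        "direct connection, header ignored": (CLIENT, FORGED, [PROXY]),
        "over-broad trust (0.0.0.0/0)": (PROXY, f"{FORGED}, {CLIENT}", ["0.0.0.0/0"]),
    }
    for name, (peer, xff, trusted) in cases.items():
        print(f"{name:38} -> {resolve_client_ip(peer, xff, trusted)}")
```

With only the proxy trusted, a client-supplied entry to the left of the proxy-appended address never reaches the log; with `0.0.0.0/0` trusted, the leftmost (client-controlled) entry wins.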

@dgraziotin
Owner

While I preferred not to expand on options via env variables (there's so many for so many use cases, and I want to keep it simple), I might actually add the custom config file, never thought of using an empty one, thanks!
