-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IP address - Docker #112
Comments
It's not a docker issue really, it's a nginx issue. Nginx needs to know what forwarding ip's to ignore when trying to determine the client's real ip address. The project already handles this for common services like AWS and Cloudfare. Currently there's no UI way of adding more IP ranges to this list but I'll add this to the feature request backlog. |
I'm running via Cloudflare so I'm a little confused why this isn't working then. Any troubleshooting suggestions? Or have I missed your point? Cheers! |
Hi, If this is I get it by adding this in the advanced settings of the Proxy Host in Nginx:
And the server behind the reverse proxy is apache, adding this configuration I have achieved that both apache and php get the real ip of the client.
|
Hello @jc21 any news on this. I think it just need to add in the file "proxy.conf" this lines :
Because it worked for me before using NPM, when i used this container : https://github.com/linuxserver/docker-swag |
For the record, each proxy host already has these Nginx directives applied. The IP ranges file defines some behaviour of Nginx in determining the value of the real IP header that it would send if you don't override it. Side note, this file should be empty in git and was committed with data by accident. The content of this file is immediately overwritten when the application is started (see this file) using the most current IP range lists from Cloudflare and Cloudfront. Looking at the nginx docs for the real IP module I think the big problem here is the following:
The default is Anyone wanting to test can use this docker image:
In order to ensure that the Nginx configuration for your host is written, please edit your host and save it to trigger a re-write. Note that this won't solve the initial enhancement, which is to allow a user-defined IP range for real IP determination. |
Hello @jc21, i have tested the real ip build, but for me it don't worked.
So i upgraded pip with this command Now i have this error: At least with the real ip setting i don't see the real ip at host behind npm. Only the ip from npm. |
That pip error should not occur anymore. I've been testing and concluded that the changes coming to v2.6.2 will fix the x-real-ip value not being set for you |
@jc21 I can confirm that 2.6.2 forward the real ip, for me it works very well. |
Thanks @jc21
So, for me, it is not working... But a first step ! |
Same for me, I'm getting Cloudflare IPs on destination host even thought all IPs are in ip_ranges.conf |
So I just tried the I have reverted to 2.6.0 & I now get the client IP again. |
Going to close as I have the real IPs in the containers at this current moment. Thanks for the efforts! |
Well, if you close it, do we have to open another one for those issues ?
|
I can confirm that this issue exists on 2.6.2 and reverting to 2.6.0 fixes this. @jc21 Should we create a new issue for this as this issue is close? |
I tried all of the above, including the links, but when I try to get the PHP variables for the server IP, I get the following, ips, instead of the real visitor IP. $_SERVER['HTTP_X_REAL_IP'] | 172.19.0.1
$_SERVER['HTTP_X_FORWARDED_FOR'] | 172.19.0.1 I am running the latest version ( Any help is greatly appreciated |
What's your setup into NPM, what's the actual config you're pasting into the advanced config section and what do the logs say and where are they from? |
On which system is docker running? In my case (Synology), I have created prerouting rules on iptables to be able to view real client IP
|
@Rustymage My current NPM configuration DetailsScheme: http Cache Assets: enabled Access List: Publicly Accessible SSLForce SSL: enabled Advanced Custom NGINX Configuration#Cloudflare
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
real_ip_header CF-Connecting-IP;
#real_ip_header X-Forwarded-For; |
@Salamafet I am running Ubuntu 22.04.2 LTS. I have no firewalls configured, just a network firewall. Nothing on the server. I am running docker rootless |
I found this via some searching - moby/moby#41789 It appears to be an issue with Docker rootless, rather than NPM. |
I run npm without docker in an lxc and @home and have same problems, all connections from outside shown as ip from npm client in my services instead the IP's from the visitors. |
Just passing by and bumping as I have been trying to get NPM to pass real IPs to my wordpress site Several tutorials followed, some did nothing, some broke my connection until I removed the advanced items Wild to see this issue is from 2019 |
I'm also still seeing this, it doesn't affect me negatively at this time, but I really would like to see remote ip addresses associated with public connections to my services. @jc21 this likely isn't high priority, but can you provide an update whether any work is planned or ongoing on this? |
same here its really critical for software developers like me :) |
In my case (Synology also) can confirm running this and adding the config originally posted by vsc55 into the Advanced tab of the Proxy Host in NPM solved the issue for me. Plex and Emby containers now see the remote client IP.
Thank you @Salamafet and @vsc55 for this solution |
Any solution to this yet? |
I've recently found this tool and use it on a docker image to point the outside world to some of my services. Some on Raspberry Pi's, some on a NUC.
This tool itself is running in the NUC.
What I've not understood is how to get the real IP address showing in those services. Currently it just shows me a docker IP address. An example is my Seafile service.
Is this a setting or line of code I'm missing? I'm not very experienced with docker so please be gentle!
Thanks in advance!
Rusty.
The text was updated successfully, but these errors were encountered: