Nginx reverse proxy in docker container - wrong IP logged
I am running Nginx in a Docker container as a reverse proxy using the configuration below. It basically redirects the request to another docker container running on the same machine
Problem
The problem is that the output in the access log states the wrong client IP address, specifically I get the IP of the Docker host 172.17.0.1
:
172.17.0.1 - - [24/May/2016:19:50:18 +0000] "GET /admin/ HTTP/1.1" 200 19243 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0" "-"
I tried to follow the advice from this post regarding the set_real_ip_from
directive but without any success.
Configuration
server {
listen 8000 ssl;
server_name example.com;
access_log /var/log/nginx/host.access.log main;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.key;
set_real_ip_from 172.17.0.1;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
location / {
proxy_pass http://172.17.0.1:8100/;
}
}
What am I missing here?
Edit:
I just realised that other people have a similar problem here and here but unfortunately no solution.
You probably will need the fix suggested by womble's answer in order to see the real IP at the real server.
In order to see the real client IP at either the real server or the proxying node, though, you'll need to modify your Docker configuration. I think the issue stems from Docker's network firewall sitting in front of nginx. See this question for solutions to that problem.