We expect in the docker image of an nginx we’re running - that $remote_addr will be the source IP of a machine that is surfing to this nginx.
Instead, the source IP seems to be an internal IP address related to docker swarm.
We see 10.255.0.2 when we run docker network inspect ${INGRESS_NETWORK_HASH}
Depending on your setup, there are different ways to approach this.
If there’s a load balancer (or a reverse proxy) in front of this service, you can add standard HTTP headers to pass client info, like X-Real-IP and X-Forwarded-For.
If it’s an option, you can use host network mode for your containers.
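An added example, not part of the original thread: X-Forwarded-For is set by whoever sends the request, so the service behind the load balancer should only honour it when the TCP peer is a proxy it operates, and should walk the list right to left past its own proxies. The function name, the trusted range and all addresses below are constructed for illustration.

```python
import ipaddress


def client_ip(peer, x_forwarded_for, trusted_proxies):
    """Pick the address to log or rate-limit on.

    peer            -- TCP peer address (what nginx exposes as $remote_addr)
    x_forwarded_for -- raw X-Forwarded-For header value, or None
    trusted_proxies -- CIDR strings for the proxies you operate (assumption)
    """
    nets = [ipaddress.ip_network(cidr) for cidr in trusted_proxies]

    def trusted(addr):
        return any(addr in net for net in nets)

    current = ipaddress.ip_address(peer)
    # A peer that is not one of our proxies can put anything in the header.
    if not trusted(current) or not x_forwarded_for:
        return str(current)

    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    # The rightmost entries were appended by the proxies closest to us.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        current = addr
        if not trusted(addr):
            break  # first hop we do not operate: this is the client
    return str(current)


if __name__ == "__main__":
    lb = ["192.0.2.0/24"]  # constructed load balancer range
    # Client sent a forged entry; the load balancer appended the real peer.
    print(client_ip("192.0.2.10", "10.0.0.1, 198.51.100.23", lb))
    # Direct connection that bypasses the load balancer: header ignored.
    print(client_ip("203.0.113.7", "1.2.3.4", lb))
```

If nginx still sits behind the swarm ingress mesh, every connection's peer is the ingress address (10.255.0.2 in this thread), so listing that address as a trusted proxy would accept the header from any client.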
Sometimes it’s an option to add a load balancer in front of the setup - sometimes it complicates the setup significantly.
We’ve tried to add the host network mode on the nginx container - and it didn’t help:
services:
  web:
    image: registry.replicated.com/___
    restart: always
    ports:
      - "443:443"
      - "80:80"
    network_mode: host
    ...
I would double check that the container is actually running with that mode. This option is ignored in some versions. There is more info here.
Yep, it’s ignored in docker-compose version 3, and to my understanding we’re using version 3.3.
I also see that network mapping is incompatible with network_mode: host.
I’ll try to remove the network mapping.
When we used the long syntax to define the ports with network_mode host it did work.
Thanks!!
For reference - this is how our ports are defined now:
services:
  web:
    image: registry.replicated.com/___
    restart: always
    ports:
      - target: 443
        published: 443
        mode: host
        protocol: tcp
      - target: 80
        published: 80
        mode: host
        protocol: tcp