Why doesn't nginx reverse proxy for owncloud show real client IP?

K

kovalr2020-07-16 14:09:35

Nginx

kovalr, 2020-07-16 14:09:35

owncloud rises to docker-compose, ssl via nginx reverse proxy.

nginx config

server {
    listen   443 ssl;
    server_name 192.168.1.4;

    root /srv/docroot/;

    ssl_certificate         /etc/nginx/ssl/ssl-cert.crt;
    ssl_certificate_key     /etc/nginx/ssl/ssl-cert.key;
    ssl_trusted_certificate /etc/nginx/ssl/ca-bundle;

    access_log off;

    location / {
        proxy_pass              http://owncloud:8080/;
        
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_buffering off;
     }
}

Docker-compose logs show local IP

owncloud_1  | 172.18.0.3 - - [16/Jul/2020:11:05:36 +0000] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.0" 200 810 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
owncloud_1  | 127.0.0.1 - - [16/Jul/2020:11:05:46 +0000] "GET /status.php HTTP/1.1" 200 1068 "-" "curl/7.65.3"

Instead of 172.18.0.3 there should be a real address.
Tell me what's the problem?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Dmitry, 2020-07-16
@q2digger

I think that the real IP of the client is lost somewhere in the wilds of Docker NAT.
It is necessary to hang out the ports of the reverse proxy in the network raised in the --mode option: host
here is a discussion, there is a swarm, but the essence is the same https://stackoverflow.com/questions/49415595/docke...