I have deployed Traefik in an LXC container, which is getting requests from the nginx hosted on the host machine. I want to get the client IP from nginx as nginx received it. It is logged under X-Real-Ip and X-Client-Ip.
But somehow my Traefik gets the lxdbr0 IP as the client IP, not the real client IP.
A TCP connection will always have the address of the last sender, that’s the way TCP/IP works.
If you need to get the IP from a client before the last "hop", you can either rely on headers that are used in http protocol or use ProxyProtocol, which needs to be enabled with sender and receiver.
When running Traefik in containers, we use host mode for the required ports (80+443) to get the correct IP of the last sender, avoiding the bridge IP:
```yaml
services:
  traefik:
    image: traefik:v2.10
    ports:
      # listen on host ports without ingress network
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
```
But this is for Docker, not sure how LXC does it.
I get this IP from the nginx inside the LXC:
{"ClientAddr":"10.169.105.1:58222","ClientHost":"10.169.105.1","ClientPort":"58222","ClientUsername":"-","DownstreamContentSize":31,"DownstreamStatus":405,"Duration":642256305,,"RequestPort":"-","RequestProtocol":"HTTP/1.0","RequestScheme":"http","RetryAttempts":0,"RouterName":"to-runpod@file","ServiceAddr":"qew9zy2kuc,"ServiceName":"runpodserv@file","ServiceURL":{"Scheme":"https","Opaque":"","User":null,"Host":"qew9zy2kucma7s-8000.proxy.runpod.net","Path":"","RawPath":"","OmitHost":false,"ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2023-12-19T11:41:13.193640927Z","StartUTC":"2023-12-19T11:41:13.193640927Z","entryPointName":"http","level":"info","msg":"","time":"2023-12-19T11:41:13Z"}
I use this in my dynamic file to avoid 403 forbidden code: passHostHeader: false
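The header-based approach mentioned in the reply above only works safely if the receiver believes X-Forwarded-For / X-Real-Ip solely when the TCP peer is the known proxy. The sketch below is an added example, not code from this thread or from Traefik; it assumes the host nginx reaches the container from the bridge address seen in the access log (10.169.105.1) and that nginx sets X-Real-Ip from its own view of the connection. The function names and the sample client addresses in the comments are made up for illustration.

```python
import ipaddress

# Assumption: the only hop allowed to set client-IP headers is the host nginx,
# which connects from the lxdbr0 address shown as ClientHost in the log above.
TRUSTED_PROXIES = [ipaddress.ip_network("10.169.105.1/32")]


def _valid_ip(value):
    """Return the normalized IP string, or None if value is not an IP."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None


def _is_trusted(addr, trusted):
    ip = _valid_ip(addr)
    return ip is not None and any(ipaddress.ip_address(ip) in n for n in trusted)


def resolve_client_ip(peer_addr, headers, trusted=TRUSTED_PROXIES):
    """Pick the address to log or authorize on.

    peer_addr is the TCP source address of the connection. Headers are
    believed only when that peer is itself a trusted proxy.
    """
    if not _is_trusted(peer_addr, trusted):
        return peer_addr  # direct connection: every header is client-controlled
    hdrs = {k.lower(): v for k, v in headers.items()}
    # Walk X-Forwarded-For right to left: the rightmost entry was appended by
    # our own proxy; anything further left came from the client side.
    chain = [h for h in hdrs.get("x-forwarded-for", "").split(",") if h.strip()]
    for hop in reversed(chain):
        ip = _valid_ip(hop)
        if ip is None:
            break  # malformed entry: stop trusting the rest of the chain
        if not _is_trusted(ip, trusted):
            return ip  # first hop that is not one of our proxies
    # Fall back to X-Real-Ip (assumed to be set by nginx, not by the client).
    return _valid_ip(hdrs.get("x-real-ip", "")) or peer_addr
```
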