I have deployed traefik in LXC container which is getting request from the nginx hosted on host machine. I want to get client ip from nginx as nginx recieved it. It is logged under X-Real-Ip and X-Client-Ip.
But somehow my traefik get lxdbr0 ip as the client ip. Not the real client ip.
A TCP connection will always have the address of the last sender, that’s the way TCP/IP works.
If you need to get the IP from a client before the last "hop", you can either rely on headers that are used in http protocol or use ProxyProtocol, which needs to be enabled with sender and receiver.
When running Traefik in containers, we use host mode for the required ports (80+443) to get the correct IP of the last sender, avoiding the bridge IP:
services:
traefik:
image: traefik:v2.10
ports:
# listen on host ports without ingress network
- target: 80
published: 80
protocol: tcp
mode: host
- target: 443
published: 443
protocol: tcp
mode: host
But this is for Docker, not sure how LXC does it.
I get this ip from the nginx inside the lxc,
{"ClientAddr":"10.169.105.1:58222","ClientHost":"10.169.105.1","ClientPort":"58222","ClientUsername":"-","DownstreamContentSize":31,"DownstreamStatus":405,"Duration":642256305,,"RequestPort":"-","RequestProtocol":"HTTP/1.0","RequestScheme":"http","RetryAttempts":0,"RouterName":"to-runpod@file","ServiceAddr":"qew9zy2kuc,"ServiceName":"runpodserv@file","ServiceURL":{"Scheme":"https","Opaque":"","User":null,"Host":"qew9zy2kucma7s-8000.proxy.runpod.net","Path":"","RawPath":"","OmitHost":false,"ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2023-12-19T11:41:13.193640927Z","StartUTC":"2023-12-19T11:41:13.193640927Z","entryPointName":"http","level":"info","msg":"","time":"2023-12-19T11:41:13Z"}
I use thes in my passHostHeader: false dynamic file to avoid 403 forbidden code.