Dockerized Nginx Reverse Proxy - Real IP

Sol

8/23/24, 1:11 PM

I have following problem. I have a docker compose setup which spins up a frontend service using Nuxt3 and a backend API based on golang.This two containers are exposed via an Nginx reverse proxy everything works as expected but I need to retrieve the users IP adress inside my golang service. Nginx seems to forward just a docker ip with 172.x.x.x not the real users IP address.

docker-compose.yaml

version: '3'
services:
  nuxt-frontend:
    build:
      context: ./frontend # Path to your Nuxt 3 backend code
      dockerfile: Dockerfile.local
    command: npm run dev
    x-develop:
      watch:
        - action: sync
          path: ./frontend
          target: /app
          ignore:
            - node_modules/
        - action: rebuild
          path: package.json
  mongodb:
    image: mongo:latest
    restart: always
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: admin
    volumes:
      - mongodb_data:/data/db
  go-backend:
    build:
      context: ./backend
      dockerfile: Dockerfile.local
    command: air
    x-develop:
      watch:
        - action: sync
          path: ./backend
          target: /app
        - action: rebuild
          path: go.mod
    depends_on:
      - mongodb 
  nginx:
    image: nginx:latest
    ports:
      - "80:80"   # HTTP port
      - "443:443" # HTTPS port
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/ssl:/etc/nginx/ssl
    depends_on:
      - nuxt-frontend
      - go-backend
volumes:
  cache:
    driver: local
  mongodb_data:

nginx.conf

server {
    listen 80;
    server_name localhost;
    
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name localhost;

    ssl_certificate /etc/nginx/ssl/cert.pem; 
    ssl_certificate_key /etc/nginx/ssl/key.pem;

    location /api {
        proxy_pass http://go-backend:3001; 
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    }

    location / {
        proxy_pass http://nuxt-frontend:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Any suggestions are highly appreciated.

Kind regards

0 + 6

nginx

reverse-proxy

docker

docker-compose

symcbean

8/23/24, 1:56 PM

X-Real-IP does not contain the client address?

Sol

8/23/24, 2:54 PM

@symcbean not it start with 172.x.x.x so it is one from docker :/

symcbean

8/23/24, 3:01 PM

Then you need to replace the (presumably default) SNAT rules with masquerading - https://gist.github.com/PedroLamas/db809a2b9112166da4a2dbf8e3a72ae9

Sol

8/23/24, 3:30 PM

@symcbean this seems a bit hacky is there no other way to configure docker to forward the real ip?

symcbean

8/23/24, 3:30 PM

rewrite docker.

Sol

8/23/24, 5:51 PM

@symcbean alright that is out of the way. Thank your for your suggestion, I will try that.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Dockerized Nginx Reverse Proxy - Real IP

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.