使用haproxy docker访问nextcloud docker内的客户端ip
使用haproxy docker访问nextcloud docker内的客户端ip
提问于 2020-09-12 08:27:49
我有一个正在运行的docker容器,我想在nextcloud docker日志上看到来自客户端的真实ip地址。但目前我只能看到来自haproxy容器的ip地址,我已经添加了option forwardfor,但它仍然不起作用。
我的docker-compose:
version: '3'
services:
db:
image: linuxserver/mariadb
restart: always
environment:
- MYSQL_ROOT_PASSWORD=
- PUID=100
- PGID=100
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD=
volumes:
- /home/raspi/nextcloud-docker/volumen/mariadb/:/config
app:
image: nextcloud:apache
restart: always
volumes:
- /home/raspi/nextcloud-docker/volumen/nextcloud/:/var/www/html
environment:
- VIRTUAL_HOST=
- LETSENCRYPT_HOST=
- LETSENCRYPT_EMAIL=
- MYSQL_HOST=db
- OVERWRITEPROTOCOL=https
env_file:
- db.env
depends_on:
- db
networks:
- proxy-tier
- default
haproxy:
restart: always
image: haproxy:2.1.7
volumes:
- /home/raspi/nextcloud-docker/haproxy/config:/usr/local/etc/haproxy/
- /home/raspi/nextcloud-docker/haproxy/certs/haproxy/:/usr/local/etc/ssl/
ports:
- 8080:8080
networks:
- proxy-tier
depends_on:
- app
networks:
proxy-tier:我的haproxy.cfg:
global
maxconn 50
tune.ssl.default-dh-param 2048
log stdout format raw local0
defaults
log global
mode http
timeout tunnel 1h
timeout http-request 1h
timeout connect 20s
option forwardfor
option http-server-close
frontend https
bind *:8080 ssl crt /usr/local/etc/ssl/website.org
http-request redirect scheme https code 301 if !{ ssl_fc }
default_backend nextcloud
timeout client 1h
backend nextcloud
server app1 app:80
timeout server 1hnextcloud日志:
{"reqId":"GoyJSJ8Jl1xAUf9xARf6","level":2,"time":"2020-09-11T23:41:54+00:00","remoteAddr":"172.29.0.3","user":"--","app":"no app in context","method":"POST","url":"/login","message":"Login failed: malo (Remote IP: 172.29.0.3)","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36","version":"19.0.0.12"}
{"reqId":"A4n1pk3sU8Bsh0pkMjfB","level":2,"time":"2020-09-11T23:43:27+00:00","remoteAddr":"172.29.0.3","user":"--","app":"no app in context","method":"POST","url":"/login","message":"Login failed: malo3 (Remote IP: 172.29.0.3)","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36","version":"19.0.0.12"}如您所见,仅从haproxy容器获取ip地址。我已经在haproxy.cfg中添加了option forwardfor,并且添加了
'trusted_proxies' => array('172.29.0.3'),
'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),然后重启,但什么都不起作用。我需要这个来让fail2ban工作。我遗漏了什么?
回答 1
Stack Overflow用户
发布于 2020-09-12 23:13:32
我必须将代理层网络设置为静态的,这样我的网络看起来就像这样:
networks:
proxy-tier:
ipam:
config:
- subnet: 174.20.0.0/24我不得不把app和haproxy容器放在下面:
networks:
proxy-tier:
ipv4_address: 174.20.0.x现在添加haproxy容器ip地址:
environment:
- TRUSTED_PROXIES=174.20.0.x现在它起作用了!
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/63855748
复制相关文章
相似问题
腾讯云开发者
