apache / apisix

The Cloud-Native API Gateway
https://apisix.apache.org/blog/
Apache License 2.0

help request: Can not get correctly client's IP #11298

Closed Jinxin231 closed 3 months ago

Jinxin231 commented 3 months ago

Description

When deploying APISIX using Docker Compose, the logs record the Docker network IP instead of the actual client IP when the client accesses the service. Docker is deployed on an ECS host within an internal network (10.8.0.0/24), and I access the service through the internal network segment.

My client IP is 10.8.0.6, APISIX IP is 10.0.0.25.

Log screenshot: (image)

We can see that $remote_addr is 172.28.0.1, which is not the client IP.

And this is my config:

 http:
    enable_access_log: true             # Enable HTTP proxy access logging.
    access_log: logs/access.log         # Location of the access log.
    access_log_buffer: 16384            # buffer size of access log.
    access_log_format: |
      "$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\""
    # Customize log format: http://nginx.org/en/docs/varindex.html
    access_log_format_escape: default   # Escape default or json characters in variables.
    keepalive_timeout: 60s              # Set the maximum time for which TCP connection keeps alive.
    client_header_timeout: 60s          # Set the maximum time waiting for client to send the entire HTTP
                                        # request header before closing the connection.
    client_body_timeout: 60s            # Set the maximum time waiting for client to send the request body.
    client_max_body_size: 0             # Set the maximum allowed size of the client request body.
                                        # Default to 0, unlimited.
                                        # Unlike Nginx, APISIX does not limit the body size by default.
                                        # If exceeded, the 413 (Request Entity Too Large) error is returned.
    send_timeout: 10s   # Set the maximum time for transmitting a response to the client before closing.
    underscores_in_headers: "on"  # Allow HTTP request headers to contain underscores in their names.
    real_ip_header: X-Real-IP     # https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
    real_ip_recursive: "on" # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
    real_ip_from:            # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
      - 10.8.0.0/24

    lua_shared_dict:              # Nginx Lua shared memory zone. Size units are m or k.
      internal-status: 10m
      plugin-limit-req: 10m
      plugin-limit-count: 10m
      prometheus-metrics: 10m
      plugin-limit-conn: 10m
      upstream-healthcheck: 10m
      worker-events: 10m
      lrucache-lock: 10m
      balancer-ewma: 10m
      balancer-ewma-locks: 10m
      balancer-ewma-last-touched-at: 10m
      plugin-limit-req-redis-cluster-slot-lock: 1m
      plugin-limit-count-redis-cluster-slot-lock: 1m
      plugin-limit-conn-redis-cluster-slot-lock: 1m
      tracing_buffer: 10m
      plugin-api-breaker: 10m
      etcd-cluster-health-check: 10m
      discovery: 1m
      jwks: 1m
      introspection: 10m
      access-tokens: 1m
      ext-plugin: 1m
      tars: 1m
      cas-auth: 10m
      ocsp-stapling: 10m   

Environment

dbit-xia commented 3 months ago

Check out the real-ip plugin; it might solve the problem.

Jinxin231 commented 3 months ago

I changed Docker's network mode to host, problem solved. It should be related to this issue:

https://forums.docker.com/t/docker-overrides-remote-addr-and-forwarded-for-headers-to-the-bridge-network-ip/138485

nfrankel commented 3 months ago

Closing as answered
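
The trust decision behind the `real_ip_header` / `real_ip_from` settings in the original post, modelled as an added Python example (not code from the thread or from APISIX): the header is honoured only while the connecting peer falls inside a `real_ip_from` range. This is a simplified model of the nginx realip behaviour; the `172.28.0.0/16` bridge subnet and the `203.0.113.9` header value are constructed assumptions.

```python
import ipaddress

def is_trusted(addr, trusted_cidrs):
    """True if addr falls inside any real_ip_from range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in trusted_cidrs)

def resolve_client_addr(peer, header_value, trusted_cidrs, recursive=True):
    """Simplified model of the address $remote_addr holds after realip runs."""
    addr = peer
    hops = [h.strip() for h in (header_value or "").split(",") if h.strip()]
    # The header is consulted only while the current address is a trusted proxy.
    while hops and is_trusted(addr, trusted_cidrs):
        candidate = hops.pop()            # rightmost entry is the nearest hop
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            break                         # unparsable entry: keep what we have
        addr = candidate
        if not recursive:
            break
    return addr

# Constructed cases. 10.8.0.6, 172.28.0.1 and 10.8.0.0/24 come from the thread;
# 172.28.0.0/16 (assumed bridge subnet) and 203.0.113.9 are made up.
CASES = [
    ("bridge, header ignored", "172.28.0.1", "10.8.0.6", ["10.8.0.0/24"]),
    ("bridge trusted, no header", "172.28.0.1", None, ["10.8.0.0/24", "172.28.0.0/16"]),
    ("host network, no header", "10.8.0.6", None, ["10.8.0.0/24"]),
    ("host network, client-set header", "10.8.0.6", "203.0.113.9", ["10.8.0.0/24"]),
]

if __name__ == "__main__":
    for label, peer, header, trusted in CASES:
        print(f"{label:34} -> {resolve_client_addr(peer, header, trusted)}")
```

The last case is the one to check when `real_ip_from` lists a subnet that clients connect from directly: the logged address is then whatever the header says, so the ranges should cover only the proxies in front of the gateway.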