Open gabviv73 opened 2 weeks ago
There are 2 ways to solve this:
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
location /myip {
add_header Content-Type text/plain;
return 200 $remote_addr;
}
I have simplified my test environment to ease investigation. Now the docker containers are running on a machine with public IP Address. The Nginx reverse proxy running on container A with IP address 192.168.48.2 seems to set the correct headers:
socat -v TCP-LISTEN:8916 STDOUT
Host: <redacted>\r
X-Forwarded-Scheme: https\r
X-Forwarded-Proto: https\r
X-Forwarded-For: 82.54.46.1\r
X-Real-IP: 82.54.46.1\r
user-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0\r
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r
accept-language: it,en-US;q=0.7,en;q=0.3\r
accept-encoding: gzip, deflate, br, zstd\r
dnt: 1\r
upgrade-insecure-requests: 1\r
sec-fetch-dest: document\r
sec-fetch-mode: navigate\r
sec-fetch-site: none\r
sec-fetch-user: ?1\r
priority: u=1\r
cookie: csrftoken=hPmoKFAzVgfZ8ZayYyo8LD1CIvQQiNHD; sessionid=z63akq8bevrkij0qhhmd2zbb1a6u4dg7\r
The gunicorn server running nsupdate.info on conatiner B with IP Address 192.168.0.2 is started with:
gunicorn --workers=4 --log-level=info --forwarded-allow-ips='*' --bind 0.0.0.0:8000 nsupdate.wsgi
But nsupdate.info detects the IP address of the docker host interface 192.168.0.1:
nsupdate.info | [2024-06-20 19:26:13,045] DEBUG ajax_get_ips response: {'ipv4': '192.168.0.1', 'ipv4_rdns': '', 'ipv6': '', 'ipv6_rdns': ''} [ip: 192.168.0.1, ua: "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0"]
It seems that gunicorn discards the headers ...
I came to a solution after a bit of research. It seems that django does know anything about X-Forwarede headers things. I've installed and configured a middleware, and now it works:
pip install django-xff
activated the middleware in
local_settings.py
MIDDLEWARE = MIDDLEWARE + ('xff.middleware.XForwardedForMiddleware',)
Now the X-Forwarded IP is correctly red.
See here
I don't think I've ever used / needed that middleware.
I don't think I've ever used / needed that middleware.
Maybe you are using Nginx or Apache with wsgi modules to serve the app. Using gunicorn, it's necessary. Have a look at my PR for the docker container.
I'm building a docker container for nsupdate.info. The web gui and the updates are working, but the IP detection fails: it detects the IP address of the nginx reverse proxy. What could I do to investigate the issue ?