sameersbn / docker-gitlab

Dockerized GitLab
http://www.damagehead.com/docker-gitlab/
MIT License

Real IP from AWS to nginx proxy to gitlab's nginx-proxy #1223

Open reynold-lariza opened 7 years ago

reynold-lariza commented 7 years ago

Hey guys,

Just need a bit of help, I've been struggling with this for hours now... the thing is, I need to send the real client IP address...

So, I used the basic nginx container with --net=host

I also followed for the AWS ELB:

https://easyengine.io/tutorials/nginx/amazon-elastic-load-balancer-forward-real-ip/

Now I'm able to verify that the nginx is able to capture the actual client IP address, when I enable proxy_set_header X-Forwarded-Host $remote_addr;

However, how do I pass this IP to gitlab? Because what it currently gets is the private IP address of the docker host where the nginx proxy is running.

Anyone encountered the same issue, and how were you able to solve this issue?

This is my config for gitlab.conf

server {
    listen       80;
    server_name  git.whiteskylabs.com;
    client_max_body_size 640M;
    client_body_buffer_size 1M;

    location / {
        proxy_set_header  Host $host;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-Proto https;
        #proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-For $remote_addr;
        #proxy_set_header  X-Forwarded-Host $remote_addr;
        proxy_pass http://gitlab-ec2-ip:10080/;
    }
}

Thanks,

reynold-lariza commented 7 years ago

Ah.. surprisingly, I was able to make it work...

I also added inside gitlab container's nginx.conf (also with main nginx proxy container)

http {
    real_ip_header X-Forwarded-For;
    set_real_ip_from 0.0.0.0/0;
    ...
}

and with main nginx proxy gitlab.conf

server {
    listen       80;
    server_name  gitlab-domain.com;
    client_max_body_size 640M;
    client_body_buffer_size 1M;

    location / {
        proxy_set_header  Host $host;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-Proto https;
        proxy_set_header  X-Forwarded-For $remote_addr;
        proxy_set_header  X-Forwarded-Host $server_name;
        proxy_pass http://gitlab-ec2-ip:10080/;
    }
}

Now it works as I expected it... but I had to do this hard-coded edit in a live gitlab container...

Is there any way this can be done upon first run of the container?

reynold-lariza commented 7 years ago

FYI,

Could be useful to others.

I was successful setting this up with config NGINX_SET_REAL_IP_FROM

| NGINX_SET_REAL_IP_FROM | Set the value for X-Real-IP. Defaults to 0.0.0.0/0. |

# assets/runtime/env-defaults
+ ## Nginx Additional Configuration
+ NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM:-"0.0.0.0/0"}
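Review bot: The default of "0.0.0.0/0" on the NGINX_SET_REAL_IP_FROM line means that, once the template renders it into set_real_ip_from, the container's nginx accepts X-Forwarded-For from every peer, so any client that can reach the container port without going through the proxy can choose the address GitLab records for it. Consider defaulting to an empty value, or requiring the operator to supply the address or CIDR of the trusted proxy, and say in the description that the value should cover only that proxy.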
# assets/runtime/functions
    NGINX_PROXY_BUFFERING \
    NGINX_ACCEL_BUFFERING \
+  NGINX_SET_REAL_IP_FROM \
    NGINX_X_FORWARDED_PROTO
+ # assets/runtime/config/nginx/gitlab and assets/runtime/config/nginx/gitlab-ssl
+  ## Required for retrieving actual client IP address
+  real_ip_header X-Forwarded-For;
+  set_real_ip_from {{NGINX_SET_REAL_IP_FROM}};
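Review bot: The two directives are added to both the gitlab and gitlab-ssl templates with no guard around them, so a container with no reverse proxy in front of it also starts honoring X-Forwarded-For. Suggest rendering real_ip_header and set_real_ip_from only when NGINX_SET_REAL_IP_FROM is set. The README row above also describes the variable as "Set the value for X-Real-IP", while here it feeds set_real_ip_from, which lists the peers trusted to supply the header; the description should say that.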

Note: this assumes your nginx is running natively or using --net=host (in addition mine is behind AWS ELB)
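An added example, not part of the original thread or of docker-gitlab: a simplified Python model of how nginx's realip module picks the client address under `real_ip_header X-Forwarded-For`, comparing `set_real_ip_from 0.0.0.0/0` with a value limited to the proxy. The proxy address `10.0.0.5` and the client addresses are constructed, and `resolve_client_ip` and `compare` are hypothetical helper names.

```python
import ipaddress

def resolve_client_ip(remote_addr, xff, trusted_cidrs, recursive=False):
    """Simplified model of nginx's realip handling for
    `real_ip_header X-Forwarded-For` (not nginx's actual source)."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]

    def trusted(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip.version == n.version and ip in n for n in nets)

    current = remote_addr
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # Walk the header right to left: the rightmost entry was appended by
    # the peer that connected to us, so it is believed only if that peer
    # matches set_real_ip_from.
    for hop in reversed(hops):
        if not trusted(current):
            break
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # unparsable entry: keep the address we already have
        current = hop
        if not recursive:  # real_ip_recursive off: take one entry only
            break
    return current

# Constructed addresses (documentation ranges); PROXY is hypothetical.
PROXY = "10.0.0.5"
SCENARIOS = [
    ("via proxy", PROXY, "203.0.113.7"),
    ("direct, forged header", "198.51.100.9", "127.0.0.1"),
]

def compare(trusted_cidrs):
    """Resolve every scenario under one set_real_ip_from setting."""
    return {name: resolve_client_ip(peer, xff, trusted_cidrs)
            for name, peer, xff in SCENARIOS}

if __name__ == "__main__":
    print("0.0.0.0/0  ", compare(["0.0.0.0/0"]))
    print("proxy only ", compare([PROXY + "/32"]))
```

With the proxy-only setting, a request that bypasses the proxy keeps its connection address, while traffic through the proxy still resolves to the forwarded client.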

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had any activity for the last 60 days. It will be closed if no further activity occurs during the next 7 days. Thank you for your contributions.