docker-compose 和 nginx:始终获取 127.0.0.1 作为客户端 IP

tag-icon tag-icon docker nginx reverse-proxy docker-compose
docker-compose 和 nginx:始终获取 127.0.0.1 作为客户端 IP

我创建了一个包含 nginx 服务器的 Docker 映像(手动安装,不使用 nginx docker 映像)。无论我从哪里访问 Web 服务器,我总是看到127.0.0.1客户端 IP 地址。我在容器前面使用系统的 nginx 作为反向代理,同样。我总是从公共 IP 访问 nginx 容器127.0.0.1

version: "3.6"

networks:
  docker-network:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: "172.30.253.0/24"
          gateway: "172.30.253.1"
services:
  ##
  ##  WEBAPP container
  ##
  app-web:
    container_name: ${APP_NAME}_webapp
    image: "my/app:${APP_VERSION}"
    restart: unless-stopped
    expose:
      - "8000"
    ports:
      - 3380:8000
    networks:
      docker-network:
    depends_on:
      - docker-mysql
    environment:
      - DB_HOST=${APP_NAME}_db
      - DB_PORT=${MYSQL_PORT}
      - DB_USER=${MYSQL_USER}
      - DB_PASSWORD=${MYSQL_PASSWORD}
      - DB_NAME=${MYSQL_DATABASE}

  ##
  ##  DATABASE CONFIG
  ##
  docker-mysql:
    container_name: ${APP_NAME}_db
    image: "mariadb:10.6"
    restart: unless-stopped
    expose:
      - "3306"
    ports:
      - 3316:3306
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_PORT=${MYSQL_PORT}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=${MYSQL_DATABASE}
    volumes:
      - ./mysql/data:/var/lib/mysql:cached
      - ./mysql/conf/yetopen.cnf:/etc/mysql/conf.d/yetopen.cnf:ro,delegated
      - ./mysql-files:/var/lib/mysql-files
    networks:
      docker-network:

  ##
  ##  ADMINER
  ##
  adminer:
    container_name: ${APP_NAME}_adminer
    # Non official adminer with dblib included
    image: dehy/adminer:4.8.1
    restart: "no"
    environment:
      - ADMINER_DEFAULT_SERVER=${APP_NAME}_db
    ports:
      - 3382:8080
    networks:
      docker-network:

容器的 nginx 配置:

server {
    listen 8000;
    root /var/www/web;
    index index.php;
    server_name _;

    # Set real IP address in the Docker network defined in docker-compose.yml
    set_real_ip_from  172.30.253.0/24;
    real_ip_header    X-Real-IP;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }
    location = /robots.txt {
        access_log off;
        log_not_found off;
    }
    error_page 404 /index.php;

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
    }
    location ~ /\.ht {
        deny all;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}

在 PHP 中,我正确地看到了REMOTE_ADDR 客户端的 IP,对于相同的请求,在 nginx 日志中我看到了 127.0.0.1!

答案1

这是 nginx 的错误配置。我没有说该镜像是基于 Debian 的镜像,通过apt.我正在查看图像日志,只看到来自 127.0.0.1 的访问:

mis_webapp   | 127.0.0.1 -  11/Nov/2022:20:33:24 +0000 "GET /index.php" 302
mis_webapp   | 127.0.0.1 -  11/Nov/2022:20:33:25 +0000 "GET /index.php" 200
mis_webapp   | 127.0.0.1 -  11/Nov/2022:20:33:28 +0000 "GET /index.php" 200
mis_webapp   | 127.0.0.1 -  11/Nov/2022:22:18:28 +0000 "GET /index.php" 302
mis_webapp   | 127.0.0.1 -  11/Nov/2022:22:18:29 +0000 "GET /index.php" 302

相反,完整日志通常位于/var/log/nginx/access.log. :/

相关内容