Nginx 代理管理器未在日志中报告正确的客户端 IP

tag-icon tag-icon nginx networking docker ip
Nginx 代理管理器未在日志中报告正确的客户端 IP

我是网络新手,遇到了一个问题,nginx 代理管理器日志(proxy-host-*_access.log)对所有流量报告“[客户端 172.19.0.1]”,这使其无法识别谁在连接到我的服务器。

我的容器使用该撰写文件进行部署:

services:
  app:
    container_name: nginx_proxy
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    # network_mode: "host" #when used the link to the database breaks
    ports:
      # These ports are in format <host-port>:<container-port>
      - '2052:80' # Public HTTP Port
      - '2053:443' # Public HTTPS Port
      - '91:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "xxx"
      DB_MYSQL_PASSWORD: "xxx"
      DB_MYSQL_NAME: "xxx"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db

  db:
    container_name: alpine_mariadb
    image: 'yobasystems/alpine-mariadb:latest'
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'xxx'
      MYSQL_DATABASE: 'xxx'
      MYSQL_USER: 'xxx'
      MYSQL_PASSWORD: 'xxx'
    volumes:
      - ./data/mysql:/var/lib/mysql

设置如下:

客户端(外部互联网) -> Cloudflare -> 路由器(端口转发) -> Docker 网络(172.19.0.1) -> Nginx 代理管理器容器(172.19.0.3)

到目前为止我尝试编辑 nginx.conf:

        # Real IP Determination
        # cloudflare IPs
        set_real_ip_from 173.245.48.0/20;
        set_real_ip_from 103.21.244.0/22;
        set_real_ip_from 103.22.200.0/22;
        set_real_ip_from 103.31.4.0/22;
        set_real_ip_from 141.101.64.0/18;
        set_real_ip_from 108.162.192.0/18;
        set_real_ip_from 190.93.240.0/20;
        set_real_ip_from 188.114.96.0/20;
        set_real_ip_from 197.234.240.0/22;
        set_real_ip_from 198.41.128.0/17;
        set_real_ip_from 162.158.0.0/15;
        set_real_ip_from 104.16.0.0/13;
        set_real_ip_from 104.24.0.0/14;
        set_real_ip_from 172.64.0.0/13;
        set_real_ip_from 131.0.72.0/22;

        #real_ip_header X-Forwarded-For;
        # Local subnets:
        set_real_ip_from 10.0.0.0/8;
        set_real_ip_from 172.16.0.0/12; # Includes Docker subnet
        # NGINX proxy docker bridge (172.19.0.1):
        set_real_ip_from 172.19.0.0/24;
        set_real_ip_from 192.168.0.0/16;
        # NPM generated CDN ip ranges:
        include conf.d/include/ip_ranges.conf;
        # always put the following 2 lines after ip subnets:
        real_ip_header X-Real-IP;
        real_ip_recursive on;

我还检查了 portainer 重启后的容器日志,没有错误(修复了几个缺失的“;”之后),所以我不知道该怎么做。

相关内容