Comments (12)
Thanks for opening your first issue here! Be sure to follow the issue template!
from docker-swag.
There are a lot of reasons for this behavior. Two of them would be easy to spot if you followed the issue template (I know the link above is dead). Regardless, you need to tell Nginx to do this, using the X-Forwarded-For header and the set_real_ip_from directive; this is not done by default.
from docker-swag.
Taken from linuxserver/docker-nextcloud#130.
The following snippet sets the original IP addresses for all Docker IPs. Edit it where needed (for your case, add an extra line set_real_ip_from 10.0.0.0/24; above real_ip_header) and put it inside the main server block in nginx/site-confs/default. Don't forget to restart the container.
# display real ip in nginx logs when connected through reverse proxy via docker network
set_real_ip_from 172.0.0.0/8;
real_ip_header X-Forwarded-For;
from docker-swag.
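Added example, not part of the original thread or the SWAG project: a simplified Python model of how nginx's realip module chooses the client address from `set_real_ip_from`, `real_ip_header X-Forwarded-For` and `real_ip_recursive`. It shows that the directives change nothing when no upstream proxy adds the header, and that `172.0.0.0/8` also trusts addresses outside the private `172.16.0.0/12` block. The function name `resolve_client_ip` and all addresses are constructed for illustration.

```python
import ipaddress

def resolve_client_ip(peer, xff, trusted, recursive=False):
    """Simplified model of nginx's realip logic (hypothetical helper).

    peer      -- source address of the TCP connection as nginx sees it
    xff       -- raw X-Forwarded-For value, "" when the header is absent
    trusted   -- list of set_real_ip_from values (addresses or CIDRs)
    recursive -- models real_ip_recursive on/off
    Simplification: header entries carrying a port are treated as unparsable.
    """
    nets = [ipaddress.ip_network(c, strict=False) for c in trusted]
    addr = ipaddress.ip_address(peer)
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # The header is consulted only while the current address is trusted.
    # Entries are consumed right to left: the nearest proxy appended last.
    while hops and any(addr in n for n in nets):
        try:
            addr = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # unparsable entry: keep the address found so far
        if not recursive:
            break
    return str(addr)

def demo():
    """Run constructed scenarios; every address here is a sample value."""
    broad, narrow = ["172.0.0.0/8"], ["172.16.0.0/12"]
    chain = "198.51.100.9, 203.0.113.7, 172.19.0.5"
    return {
        # A proxy on the Docker network forwarded the request with the header.
        "proxy adds header": resolve_client_ip("172.19.0.1", "203.0.113.7", broad),
        # Docker NAT hides the client and nothing upstream set the header.
        "no header present": resolve_client_ip("172.19.0.1", "", broad),
        # 172.32.0.5 is outside 172.16.0.0/12, yet /8 trusts its header.
        "public peer, /8 trust": resolve_client_ip("172.32.0.5", "198.51.100.9", broad),
        "public peer, /12 trust": resolve_client_ip("172.32.0.5", "198.51.100.9", narrow),
        # Two proxies in a row: only recursive mode skips the trusted hop.
        "chain, recursive off": resolve_client_ip("172.19.0.1", chain, narrow),
        "chain, recursive on": resolve_client_ip("172.19.0.1", chain, narrow, True),
    }

if __name__ == "__main__":
    for name, ip in demo().items():
        print(f"{name:24} -> {ip}")
```

The "public peer" pair is the case that matters for fail2ban and geo blocking: with the narrower range the logged address stays the connecting peer instead of whatever the header claims.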
I am also having this problem. I cannot seem to fix it using those settings. What am I doing wrong here? This is my default file. Running Windows 10 x64.
error_page 502 /502.html;

# redirect all traffic to https
server {
    listen 81 default_server;
    #listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

# main server block
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    root /config/www;
    index ui3.htm;

    server_name _;

    # enable subfolder method reverse proxy confs
    include /config/nginx/proxy-confs/*.subfolder.conf;

    # all ssl related config moved to ssl.conf
    include /config/nginx/ssl.conf;

    # enable for geo blocking
    # See /config/nginx/geoip2.conf for more information.
    #if ($allowed_country = no) {
    #return 444;
    #}

    client_max_body_size 0;

    # 192.168.2.75 is the IP of the Nginx server.
    set_real_ip_from 192.168.2.75;
    real_ip_header X-Forwarded-For;

    location / {
        #include /config/nginx/proxy.conf;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.2.75:81;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
}
from docker-swag.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
from docker-swag.
It's probably an issue with Windows Subsystem for Linux and/or Docker on Windows x64. On my ARM board it's working perfectly.
from docker-swag.
I'm facing the same issue on a Synology DSM NAS with Docker. Deployed is the swag container with a stack file in Portainer.
The idea of this swag container is great, and the way it is set up is great too. It all worked fine out of the box. I needed some minutes and the basic setup was done. Just some modifications on fail2ban to support the legacy iptables from Synology and it worked. But without knowing the real IP address of my clients I cannot use this, as fail2ban would block all traffic, and Nextcloud also requires the real IP addresses.
I tried the following options so far but none of them work.
- Set headers for X-Real IP and Forwarder
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- Add the recommended settings from @maartenbrakkee
    # display real ip in nginx logs when connected through reverse proxy via docker network
    set_real_ip_from 172.19.0.0/16;
    real_ip_header X-Forwarded-For;
- Set the required ports in host mode by adding this to the docker stack file:
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
- I even tried to disable the masquerade setting inside a network but this was also not working.
    networks:
      swag:
        driver: bridge
        driver_opts:
          com.docker.network.bridge.enable_ip_masquerade: 'false'
        ipam:
          driver: default
Does anyone have an idea how to solve this?
My docker file looks like this:
version: "3.7"
services:
  swag:
    image: ghcr.io/linuxserver/swag
    container_name: swag
    hostname: swag
    networks:
      - backend
    dns:
      - 192.168.178.200
      - 8.8.8.8
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1041
      - PGID=65537
      - TZ=Europe/Berlin
      - URL=example.de
      - SUBDOMAINS=www
      - VALIDATION=http
      - [email protected]
      - ONLY_SUBDOMAINS=false
      - STAGING=false
      - DOCKER_MODS=linuxserver/mods:swag-auto-reload|linuxserver/mods:universal-wait-for-internet
    volumes:
      - data:/config
      - certs:/config/etc
    restart: unless-stopped
networks:
  backend:
    external: true
    name: swag_backend
volumes:
  data:
    external: false
  certs:
    external: false
from docker-swag.
@flo-mic https://www.pedrolamas.com/2020/11/04/exposing-the-client-ips-to-docker-containers-on-synology-nas/ this fixed this issue on both our syno and qnap boxes.
from docker-swag.
@j0nnymoe thanks, this was a good hint. Unfortunately the manual does not describe all required steps to get this working with custom networks as well. For all who have the same issue, you can try the following. This is tested on a Synology DSM 916+ firmware v6.2.3
- Open an ssh connection and edit the docker daemon.json file
    sudo nano /var/packages/Docker/etc/dockerd.json
- Add a new line with the following content
    "userland-proxy" : false
  (Make sure to add a "," at the end of the previous line, otherwise your json is invalid and the docker application is no longer visible inside the Synology DSM).
- Restart the docker daemon with the following command
    sudo synoservice --restart pkgctl-Docker
- Now follow the steps described in the link from j0nnymoe to configure the iptables. But use the script below because the provided one does not work on my system. https://www.pedrolamas.com/2020/11/04/exposing-the-client-ips-to-docker-containers-on-synology-nas/
#!/bin/bash
currentAttempt=0
totalAttempts=10
delay=15

while [ $currentAttempt -lt $totalAttempts ]
do
    currentAttempt=$(( $currentAttempt + 1 ))

    echo "Attempt $currentAttempt of $totalAttempts..."

    result=$(iptables-save)

    if [[ $result =~ "-A DEFAULT_FORWARD -i docker0 -o docker0 -j ACCEPT" ]]; then
        echo "Docker rules found! Modifying..."

        iptables -t nat -A PREROUTING ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
        iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER

        echo "Done!"

        break
    fi

    echo "Docker rules not found! Sleeping for $delay seconds..."

    sleep $delay
done
from docker-swag.
I didn't have to do any of that for the IP's to show on my swag network on my syno and qnap.
from docker-swag.
Hmm, strange. I just noticed that I also had to customize the script as it was not working on system start (just updated my previous post). Quite interesting that the solution differs from one Synology system to another. But anyway, if someone else has the issue, he can test your solution and mine, and hopefully one of the two works 😉
from docker-swag.
The @j0nnymoe solution worked for me on a DS920+ running DSM7.
Thank you !!!
For information, I was getting my router IP as $remote_addr (hence the geoip2 was still useless).
My router is a pfsense and I had to go to "System / Advanced / Firewall & NAT", then
- NAT Reflection mode for port forwards: Pure NAT
- Enable NAT Reflection for 1:1 NAT: enabled
- Enable automatic outbound NAT for Reflection: enabled
from docker-swag.