How can I get real client IP addresses using Docker and a reverse proxy?

By
William Rossbach
-
0
26
Asked By TechieTurtle57 On

I'm struggling with my Docker setup on Windows 10 to retrieve client IP addresses behind a reverse proxy. I've tried a bunch of options but nothing seems to work. My setup includes nginx-proxy-manager, traefik, and caddy, but I can't get the actual IP address no matter what configuration I try. I'm using Docker with host networking enabled but still facing issues. Here are some specifics of my setup:

- My Docker configurations and files:
- [docker-compose file](https://pastebin.com/zRmRdvKN)
- [whoami nginx file](https://pastebin.com/srWMwaY8)
- [nginx proxy configuration](https://pastebin.com/XUrXHXSN)
- A [whoami response](https://pastebin.com/HmSFzt6W) shows that I'm connecting via my phone's 5G, but I'm only seeing internal Docker IPs (like `172.xx.xx.xx`).
- My home network sits on the `192.168.1.xx` subnet and Docker's host gateway should ideally be `192.168.65.xx`, but it's not coming through as expected.

Also, I have screenshots of Docker and WSL settings that could be relevant:
- [Docker Network Settings](https://i.imgur.com/UeGk03h.png)
- [Docker Engine Config](https://i.imgur.com/gQxwJXF.png)
- [WSL Networking](https://i.imgur.com/RwEb1rf.png)

5 Answers

Answered By CodeSlinger83 On

The issue you're facing likely stems from IP masquerading via iptables. If you want to see the client’s real IP, you might need to remove masquerading and set up the right routes instead.

Answered By WindowsWarrior22 On

Just a heads up, Docker on Windows can struggle with retrieving the original client IP, especially on a system like Windows 10 which is more suited for development rather than production.

Answered By DataNinja29 On

I was in a similar situation, and I finally switched from WSL2 to an Ubuntu VM. It made a huge difference. Consider making that move if feasible!

Answered By DockerDude44 On

In your case, ensure that you're setting the network mode to `host` for the nginx reverse proxy in your docker-compose.yml. Using bridge mode limits visibility to Docker's internal IPs.

Answered By NetworkingNerd73 On

Have you tried adjusting your networking mode in WSL? Setting it to 'Mirrored' in the `.wslconfig` file could help. Check out this setting:
```
[wsl2]
networkingMode=mirrored

[experimental]
hostAddressLoopback=true
```

TechieTurtle57 -

I have host networking enabled in Docker already, and it's set in the npm's compose file. I can access npm's web UI without exposing ports.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.