[GH-ISSUE #41] Setting Real IP is not working... #37

Closed
opened 2026-02-26 05:33:29 +03:00 by kerem · 7 comments

Originally created by @SaulGoodman1337 on GitHub (Jan 4, 2019).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/41

Somehow the whole thing doesn't work out for me. The IP address of the reverse proxy always arrives at the remote hosts.

But I don't understand why.

Does anyone have the same problem?

kerem closed this issue 2026-02-26 05:33:29 +03:00

@jc21 commented on GitHub (Jan 7, 2019):

Can you provide some more info for me:

  • What version of Nginx Proxy Manager are you using? Can be found on bottom of the page
  • What's the network IP of your docker host?
  • What IP are you seeing on the upstream host?

@SaulGoodman1337 commented on GitHub (Jan 7, 2019):

Hi,

  • What version of Nginx Proxy Manager are you using? Can be found on bottom of the page
    v2.0.8
  • What's the network IP of your docker host?
    10.20.29.1 - baremetal Host (Native)
    172.30.0.3 - nginx proxy manager (Docker)
    192.168.0.3 - Plex (Docker)
  • What IP are you seeing on the upstream host?
    The ip of the nginx proxy manager (172.30.0.3)

I hope that's enough information for you. If you need more, ask me.


@jc21 commented on GitHub (Jan 9, 2019):

So on the upstream host, what HTTP header are you using to identify the "real" IP? Take a look at the HTTP headers received by an upstream host on [my test host](https://phptest.jc21.net.au/).

The `SERVER_ADDR` is the NPM docker container, which is correct, but the `HTTP_X_FORWARDED_FOR` header is the real IP of the client, you. All web services that need to identify a real client IP should be respecting the forwarded for header too, as it's used by virtually all proxying software and CDNs.

The Nginx logs output the correct client IP also, as there are options in there to skip using the docker ranges.


@nicotontige commented on GitHub (Feb 16, 2019):

Sorry for the late response, but in a swarm cluster the `HTTP_X_FORWARDED_FOR` is never the good one.
There is a tip found here:
https://github.com/moby/moby/issues/25526#issuecomment-463668116

The solution :

```yml
version: "3.2"
services:
  nginx-proxy-manager:
    image: jc21/nginx-proxy-manager:2
    ports:
      - "81:81"
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
```

It works for me, I've got the real IP on my nginx backend with `HTTP_X_FORWARDED_FOR`.
On my nginx backend configuration file:

```nginx
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 10.255.0.2;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
```

Hope it will help
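
An added example, not part of the comment above or of the project's code: a Python model of how the `set_real_ip_from` / `real_ip_recursive` directives quoted above choose the client address, showing why the address is only recoverable when the proxy itself saw the real source. Every address except `10.0.0.0/8` and `10.255.0.2` is constructed, and it assumes the proxy appends the address it saw to `X-Forwarded-For`.

```python
import ipaddress

def resolve_client_ip(peer, xff, trusted, recursive=True):
    """Model of nginx realip: peer is the TCP source, xff the X-Forwarded-For value."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    addr = ipaddress.ip_address(peer)
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # Walk the header right to left, but only while the current address is a
    # trusted proxy; a header sent by an untrusted peer is ignored entirely.
    while hops and any(addr in n for n in nets):
        try:
            addr = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # unparsable entry: keep the last good address
        if not recursive:
            break  # real_ip_recursive off: only the rightmost entry is used
    return str(addr)

# Trusted ranges from the backend configuration quoted above.
TRUSTED = ["10.0.0.0/8", "10.255.0.2"]
NPM = "10.0.1.5"  # constructed: address the backend sees the proxy connect from

def scenarios():
    return {
        # Ports published in host mode: the proxy saw the real client.
        "host_mode": resolve_client_ip(NPM, "203.0.113.7", TRUSTED),
        # Ingress/NAT: the proxy only saw the gateway, so that is all it can forward.
        "ingress_nat": resolve_client_ip(NPM, "10.255.0.2", TRUSTED),
        # Client-supplied entry on the left is skipped: the walk stops at the
        # first untrusted address counted from the right.
        "client_prefix": resolve_client_ip(NPM, "10.9.9.9, 203.0.113.7", TRUSTED),
        # Two proxies in the chain with recursion off: an internal hop is returned.
        "recursive_off": resolve_client_ip(NPM, "203.0.113.7, 10.0.2.9", TRUSTED,
                                           recursive=False),
        # Peer outside the trusted ranges: its header is not honoured.
        "untrusted_peer": resolve_client_ip("198.51.100.20", "10.1.1.1", TRUSTED),
    }

if __name__ == "__main__":
    for name, ip in scenarios().items():
        print(f"{name:15} -> {ip}")
```

In the `ingress_nat` case no backend setting recovers the client, because the real source was already replaced before the proxy wrote the header; keeping the `set_real_ip_from` ranges as narrow as the actual proxy addresses limits which peers can influence the result.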


@marrobHD commented on GitHub (Jul 5, 2020):

Maybe I'm doing something wrong but the guest still only shows the local ip of npm


@chaptergy commented on GitHub (Oct 25, 2021):

There is nothing we can do about that. In normal network mode [docker overwrites the ip with the gateway ip](https://github.com/docker/roadmap/issues/157) when being accessed from the same machine the docker stack is hosted on.
The only thing you can do is to switch to host mode for the docker ports as described in the [post above](#issuecomment-464364484).


@natechoiniere commented on GitHub (Sep 5, 2023):

> There is nothing we can do about that. In normal network mode [docker overwrites the ip with the gateway ip](https://github.com/docker/roadmap/issues/157) when being accessed from the same machine the docker stack is hosted on. The only thing you can do is to switch to host mode for the docker ports as described in the [post above](#issuecomment-464364484).

Just to be clear, this means that it's impossible for NPM to discern who's connecting to the webserver, and that it's impossible to use the Access List in order to make some pages internal-only out of the box. This is intended behavior? I'm coming from https://github.com/NginxProxyManager/nginx-proxy-manager/issues/674
