[GH-ISSUE #41] Setting Real IP is not working... #37

New issue

Closed

opened 2026-02-26 05:33:29 +03:00 by kerem · 7 comments

kerem commented 2026-02-26 05:33:29 +03:00

Owner

Copy link

Originally created by @SaulGoodman1337 on GitHub (Jan 4, 2019).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/41

somehow the whole thing doesn't work out for me. The IP address of the reverse proxy always arrives at the remote hosts.

But I don't understand why.

Does anyone have the same problem?

Originally created by @SaulGoodman1337 on GitHub (Jan 4, 2019). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/41 somehow the whole thing doesn't work out for me. The IP address of the reverse proxy always arrives at the remote hosts. But I don't understand why. Does anyone have the same problem?

kerem closed this issue 2026-02-26 05:33:29 +03:00

kerem commented 2026-02-26 05:33:30 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (Jan 7, 2019):

Can you provide some more info for me:

• What version of Nignx Proxy Manager are you using? Can be found on bottom of the page
• What's the network IP of your docker host?
• What IP are you seeing on the upstream host?

<!-- gh-comment-id:451788315 --> @jc21 commented on GitHub (Jan 7, 2019): Can you provide some more info for me: - What version of Nignx Proxy Manager are you using? Can be found on bottom of the page - What's the network IP of your docker host? - What IP are you seeing on the upstream host?

kerem commented 2026-02-26 05:33:30 +03:00

Author

Owner

Copy link

@SaulGoodman1337 commented on GitHub (Jan 7, 2019):

Hi,

• What version of Nignx Proxy Manager are you using? Can be found on bottom of the page
  v2.0.8
• What's the network IP of your docker host?
  10.20.29.1 - baremetal Host (Native)
  172.30.0.3 - nginx proxy manager (Docker)
  192.168.0.3 - Plex (Docker)
• What IP are you seeing on the upstream host?
  The ip of the nginx proxy manager (172.30.0.3)

i hope that's enough information for you. if you need more, ask me.

<!-- gh-comment-id:451849480 --> @SaulGoodman1337 commented on GitHub (Jan 7, 2019): Hi, * What version of Nignx Proxy Manager are you using? Can be found on bottom of the page v2.0.8 * What's the network IP of your docker host? 10.20.29.1 - baremetal Host (Native) 172.30.0.3 - nginx proxy manager (Docker) 192.168.0.3 - Plex (Docker) * What IP are you seeing on the upstream host? The ip of the nginx proxy manager (172.30.0.3) i hope that's enough information for you. if you need more, ask me.

kerem commented 2026-02-26 05:33:30 +03:00

Author

Owner

Copy link

@jc21 commented on GitHub (Jan 9, 2019):

So on the upstream host, what http header are you using to identify the "real" ip? Take a look at the http headers received by an upstream host on my test host.

The SERVER_ADDR is the NPM docker container, which is correct, but the HTTP_X_FORWARDED_FOR header is the real IP of the client, you. All web services that need to identify a real client IP should be respecting the forwarded for header too, as it's used by virtually all proxying software and CDNs.

The Nginx logs output the correct client IP also, as there is options in there to skip using the docker ranges.

<!-- gh-comment-id:452515169 --> @jc21 commented on GitHub (Jan 9, 2019): So on the upstream host, what http header are you using to identify the "real" ip? Take a look at the http headers received by an upstream host on [my test host](https://phptest.jc21.net.au/). The `SERVER_ADDR` is the NPM docker container, which is correct, but the `HTTP_X_FORWARDED_FOR` header is the real IP of the client, you. All web services that need to identify a real client IP should be respecting the forwarded for header too, as it's used by virtually all proxying software and CDNs. The Nginx logs output the correct client IP also, as there is options in there to skip using the docker ranges.

kerem commented 2026-02-26 05:33:30 +03:00

Author

Owner

Copy link

@nicotontige commented on GitHub (Feb 16, 2019):

sry for the late response, but in a swarm cluster the HTTP_X_FORWARDED_FOR is never the good one.
There is a tip found here :
https://github.com/moby/moby/issues/25526#issuecomment-463668116

The solution :

version: "3.2"
services:
 nginx-proxy-manager:
  image: jc21/nginx-proxy-manager:2
  ports:
  - "81:81"
  - target: 80
    published: 80
    protocol: tcp
    mode: host
  - target: 443
    published: 443
    protocol: tcp
    mode: host

It works for me, i've got the real ip on my nginx backend with HTTP_X_FORWARDED_FOR
On my nginx backend configuration file :

set_real_ip_from 10.0.0.0/8;
set_real_ip_from 10.255.0.2;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

Hope it will help

<!-- gh-comment-id:464364484 --> @nicotontige commented on GitHub (Feb 16, 2019): sry for the late response, but in a swarm cluster the `HTTP_X_FORWARDED_FOR` is never the good one. There is a tip found here : https://github.com/moby/moby/issues/25526#issuecomment-463668116 The solution : ```yml version: "3.2" services: nginx-proxy-manager: image: jc21/nginx-proxy-manager:2 ports: - "81:81" - target: 80 published: 80 protocol: tcp mode: host - target: 443 published: 443 protocol: tcp mode: host ``` It works for me, i've got the real ip on my nginx backend with HTTP_X_FORWARDED_FOR On my nginx backend configuration file : ```nginx set_real_ip_from 10.0.0.0/8; set_real_ip_from 10.255.0.2; real_ip_header X-Forwarded-For; real_ip_recursive on; ``` Hope it will help

kerem commented 2026-02-26 05:33:31 +03:00

Author

Owner

Copy link

@marrobHD commented on GitHub (Jul 5, 2020):

Maybe I'm doing something wrong but the guest still only shows the local ip of npm

<!-- gh-comment-id:653947489 --> @marrobHD commented on GitHub (Jul 5, 2020): Maybe I'm doing something wrong but the guest still only shows the local ip of npm

kerem commented 2026-02-26 05:33:31 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (Oct 25, 2021):

There is nothing we can do about that. In normal network mode docker overwrites the ip with the gateway ip when being accessed from the same machine the docker stack is hosted on.
The only thing you can do is to switch to host mode for the docker ports as described in the post above.

<!-- gh-comment-id:950926258 --> @chaptergy commented on GitHub (Oct 25, 2021): There is nothing we can do about that. In normal network mode [docker overwrites the ip with the gateway ip](https://github.com/docker/roadmap/issues/157) when being accessed from the same machine the docker stack is hosted on. The only thing you can do is to switch to host mode for the docker ports as described in the [post above](#issuecomment-464364484).

kerem commented 2026-02-26 05:33:31 +03:00

Author

Owner

Copy link

@natechoiniere commented on GitHub (Sep 5, 2023):

There is nothing we can do about that. In normal network mode docker overwrites the ip with the gateway ip when being accessed from the same machine the docker stack is hosted on. The only thing you can do is to switch to host mode for the docker ports as described in the post above.

Just to be clear, this means that it's impossible for NPM to discern who's connecting to the webserver, and that it's impossible to use the Access List in order to make some pages internal-only out of the box. This is intended behavior? I'm coming from https://github.com/NginxProxyManager/nginx-proxy-manager/issues/674

<!-- gh-comment-id:1706452536 --> @natechoiniere commented on GitHub (Sep 5, 2023): > There is nothing we can do about that. In normal network mode [docker overwrites the ip with the gateway ip](https://github.com/docker/roadmap/issues/157) when being accessed from the same machine the docker stack is hosted on. The only thing you can do is to switch to host mode for the docker ports as described in the [post above](#issuecomment-464364484). Just to be clear, this means that it's impossible for NPM to discern who's connecting to the webserver, and that it's impossible to use the Access List in order to make some pages internal-only out of the box. This is intended behavior? I'm coming from https://github.com/NginxProxyManager/nginx-proxy-manager/issues/674

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#37

No description provided.