I have been struggling for several weeks now trying to get my Nginx reverse proxy to show / pass through the real visitor IP and I have reached the point where I have no more ideas to try. I have of course been searching the web for solutions but with no success.
If anyone has suggestions on what to try now, it would be most appreciated. Please let me know if I need to supply any logs or settings-files.
My Setup
My server is self-hosted and is running Proxmox baremetal and on it I have an Ubuntu 20.04 VM which hosts all my containerized (docker) applications.
Among those containerized applications is Nginx Proxy Manager, which is basically an nginx reverse proxy with a nice web-GUI on top.
Docker is running in rootless mode with the resulting, known limitations. All privileged ports have been exposed.
The Problem
The Nginx Proxy is showing its own IP on the assigned, custom docker bridge network (172.24.0.1) as the client IP and thus, I'm unable to implement access restriction based on IP / subnet.
What I've tried so far
- Completely disabled the firewall for the Ubuntu VM in Proxmox.
- Looked for any masquerading rules within the Ubuntu VM with iptables -S -t nat. No masquerading rules were present.
- Exec'd into the container and reviewed the nginx.conf to check that the settings real_ip_header X-Forwarded-For; and set_real_ip_from 172.0.0.0/8; were specified, which they both were.
- Bound ports 443 and 80 on the container to the host network as described here.
set_real_ip_from 172.0.0.0/8; a typo? Should it perhaps be set_real_ip_from 172.17.0.0/8; or set_real_ip_from 0.0.0.0/8; (as in the linked issues)?
0.0.0.0/0 as well with the same result. However I guess that 178.0.0.0/8 should do it as the subnet covers the actual container IP 172.24.0.1.
172.0.0.0/8 and not 178.0.0.0/8.
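Added example (not from the original post or from Nginx Proxy Manager): a simplified Python model of how nginx's realip module chooses the client address from set_real_ip_from and real_ip_header X-Forwarded-For, run against the addresses in this thread. The function name and the 203.0.113.x / 198.51.100.x sample addresses are constructed; it shows that a trusted peer sending no header leaves the bridge address in place, and that trusting 0.0.0.0/0 lets any peer's header decide the address used for IP-based access rules.

```python
import ipaddress


def resolve_client_ip(peer, xff, trusted_cidrs, recursive=False):
    """Return the client address a realip-style lookup would settle on.

    peer          -- source address of the TCP connection nginx accepted
    xff           -- X-Forwarded-For header value, or None if absent
    trusted_cidrs -- the set_real_ip_from ranges
    recursive     -- models real_ip_recursive on/off
    """
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    addr = ipaddress.ip_address(peer)
    # The header is only honoured when the connecting peer is trusted.
    if not xff or not is_trusted(addr):
        return str(addr)

    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # Walk the header right to left (closest proxy first).
    for hop in reversed(hops):
        try:
            candidate = ipaddress.ip_address(hop)
        except ValueError:
            break  # unparsable entry: keep what we have so far
        addr = candidate
        # Non-recursive: take the last entry. Recursive: keep going
        # while the entry itself is a trusted proxy.
        if not recursive or not is_trusted(addr):
            break
    return str(addr)


if __name__ == "__main__":
    # Constructed cases using the thread's bridge address and ranges.
    cases = [
        ("172.24.0.1", None, ["172.0.0.0/8"]),            # no header sent
        ("172.24.0.1", "203.0.113.7", ["172.0.0.0/8"]),   # header from trusted hop
        ("198.51.100.9", "10.0.0.5", ["172.0.0.0/8"]),    # untrusted peer: ignored
        ("198.51.100.9", "10.0.0.5", ["0.0.0.0/0"]),      # everyone trusted
    ]
    for peer, xff, nets in cases:
        print(peer, repr(xff), nets, "->", resolve_client_ip(peer, xff, nets))
```
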