Can't get client's real IP when using Nginx reverse proxy
Question
Problem description:
When I access Asp.net MVC Core 3.1 webpage that is supposed to return my remote client's ip address I instead get internal docker IP of Nginx container. I'm not sure if the problem is my code in asp.net core, the Nginx reverse proxy configuration not forwarding my client ip to Kestrel container, or something else.
Output:
::ffff:172.23.0.3
Desired Output (example using random ip):
231.43.6.124
Setup:
- Remote VPS using Ubuntu and running Docker (ie not running locally)
- Kestrel docker container that has no public access
- Nginx Docker container that has public access on port 80 and forwards requests to backend kestrel server.
nginx.conf
http {
upstream backendservers {
server kestrel:80;
}
server {
listen 80;
location / {
proxy_pass http://backendservers/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host:443;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-Proto https;
}
}
}
events {
}
asp.net core code
// controller
public IActionResult GetIP()
{
var ip = HttpContext.Connection.RemoteIpAddress.ToString();
ViewBag.ip = ip;
return View();
}
// view
@{
ViewData["Title"] = "Get IP";
}
<div class="text-center">
<p>@ViewBag.ip</p>
</div>
Docker startup:
docker network create --driver=bridge stacknet
docker run -d --name=kestrel --restart=always -h kestrel.local --network=stacknet mykestrelimage
docker run -d --name=nginx --restart=always -p 80:80 -h nginx.local --network=stacknet mynginximage
UPDATE 1: As a test I opened the Kestrel 80 port. I can get client IP when I hit Kestrel directly I just can't get it when it's coming via Nginx reverse proxy.
UPDATE 2: Added some lines to ngix.conf as per suggestion of one of replies below but didn't seem to make a difference.
2 answers
solution1
6 2020-10-16 11:17:22
I had similar issue this is what i tried and it fixed my issue..
- go to
/etc/nginx/sites-available/you will found default file where you had configured your servers like this.
server{ server_name example.com; location / { proxy_pass http://localhost:4000; proxy_set_header X-Real-IP $remote_addr; <---Add this line proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; <---this line too }
2.there will be one more file named proxy_params in /nginx folder make sure you have below lines in this file.
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- Most important in your back-end code get the IP like this.
const ipAddress = req.headers['x-forwarded-for'] as string;
You can also check the request ip through this command.
$ sudo tail -f /var/log/nginx/access.log
solution2
1 2020-07-01 15:30:25
You may need to forward the original IP. Here is NGinx's doc on the subject: https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
And an example of the older x-forwarded-for from: https://plone.lucidsolutions.co.nz/web/reverseproxyandcache/setting-nginx-http-x-forward-headers-for-reverse-proxy
location / {
proxy_pass http://upstream/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host:443;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-Proto https;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.