passing correct ip via linked docker containers from nginx to jetty

时光毁灭记忆、已成空白 submitted on 2019-12-25 03:38:31

Question


I have two docker containers running, one is a nginx that accepts http and https requests and passes them to the other one which is a jetty container. I have noticed an issue since I switched to docker. I can't get the right request IP. The jetty application checks the request IP to ensure requests are coming from a particular server. In the Servlet I use the following code to get the IP:

protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    ...
    String remoteIpAddress = request.getRemoteAddr();
    ...
}

But I then get the IP 172.17.0.x, which seems to be some IP from docker and not the expected IP from the requester.

My docker images are run with the following params:

docker run -d --read-only --name=jetty -v /tmp -v /run/jetty jetty:9
docker run -d --read-only --name=nginx --link jetty:jetty -v /var/run -p 80:80 -p 443:443 nginx

The important part is the --link param, where I link the networking of jetty to nginx.

In the nginx config I have defined a proxy pass to jetty:

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

and

location / {
    proxy_pass http://jetty:8080;
}

My question is: how do I get the right IP from the request and not the 127.17.0.x one?


Answer 1:


If using Jetty 9, enable the ForwardedRequestCustomizer

To do that ...

$ mkdir /path/to/jetty-base/etc
$ cp /path/to/jetty-dist/etc/jetty.xml /path/to/jetty-base/etc/
$ edit /path/to/jetty-base/etc/jetty.xml

Uncomment the lines

  <Call name="addCustomizer">
    <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
  </Call>

Start your ${jetty.base}

$ cd /path/to/jetty-base
$ java -jar /path/to/jetty-dist/start.jar

Done




Answer 2:


When you do the request.getRemoteAddr(); you get the ip of the request, in this case the nginx running in docker.

The lines you added in the nginx config file add headers with the original ip, so the only thing you have to do is get the X-Real-IP header.
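
Added example, not part of the answer above or of the original page: a forwarding header is only as trustworthy as the peer that sent it, so this helper uses X-Real-IP / X-Forwarded-For only when the direct peer is the nginx proxy and otherwise falls back to the socket address. The class name ClientIpResolver, the trusted range 172.17.0.0/16 (Docker's default bridge, matching the 172.17.0.x seen in the question) and the sample addresses are assumptions.

```java
public class ClientIpResolver {
    // Assumption: nginx reaches Jetty over Docker's default bridge network.
    // Narrow this to the proxy's own address where it is fixed.
    private static final String TRUSTED_PROXY_CIDR = "172.17.0.0/16";

    /** Parses a dotted-quad IPv4 literal; returns -1 if it is not one (no DNS lookups). */
    static long ipv4ToLong(String s) {
        if (s == null) return -1;
        String[] parts = s.trim().split("\\.", -1);
        if (parts.length != 4) return -1;
        long value = 0;
        for (String p : parts) {
            if (!p.matches("\\d{1,3}")) return -1;
            int octet = Integer.parseInt(p);
            if (octet > 255) return -1;
            value = (value << 8) | octet;
        }
        return value;
    }

    static boolean inCidr(String ip, String cidr) {
        String[] c = cidr.split("/");
        long addr = ipv4ToLong(ip), net = ipv4ToLong(c[0]);
        if (addr < 0 || net < 0) return false;
        int bits = Integer.parseInt(c[1]);
        long mask = bits == 0 ? 0 : (0xFFFFFFFFL << (32 - bits)) & 0xFFFFFFFFL;
        return (addr & mask) == (net & mask);
    }

    /** peerAddr = request.getRemoteAddr(); the other two = request.getHeader(...). */
    static String resolve(String peerAddr, String xRealIp, String xForwardedFor) {
        // Request did not come through the proxy: headers are client-controlled, ignore them.
        if (!inCidr(peerAddr, TRUSTED_PROXY_CIDR)) return peerAddr;
        // nginx overwrites X-Real-IP with $remote_addr, so the client cannot pre-set it.
        if (ipv4ToLong(xRealIp) >= 0) return xRealIp.trim();
        if (xForwardedFor != null) {
            // $proxy_add_x_forwarded_for appends; only the last entry was written by nginx.
            String[] hops = xForwardedFor.split(",", -1);
            String last = hops[hops.length - 1].trim();
            if (ipv4ToLong(last) >= 0) return last;
        }
        return peerAddr;
    }

    public static void main(String[] args) {
        // Constructed inputs (documentation addresses), not captured traffic.
        System.out.println(resolve("172.17.0.3", "203.0.113.7", "10.9.9.9, 203.0.113.7"));
        System.out.println(resolve("198.51.100.20", "203.0.113.7", null)); // spoofed header, direct peer
        System.out.println(resolve("172.17.0.3", null, "10.9.9.9, 203.0.113.7"));
    }
}
```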




Answer 3:


The accepted answer seems rather weird for someone that is using the default Docker Jetty image, we should not be changing or uncommenting things manually like that.

Here is the way to derive the Docker image that worked for me:

FROM jetty:9.4-jre11
COPY checkout/my-app/target/v.war /var/lib/jetty/webapps/v.war
RUN java -jar /usr/local/jetty/start.jar --create-startd --add-to-start=http-forwarded

The file /usr/local/jetty/etc/jetty-http-forwarded.xml, which adds the org.eclipse.jetty.server.ForwardedRequestCustomizer to the configuration, will be added to the jetty.start automatically.



Source: https://stackoverflow.com/questions/34729849/passing-correct-ip-via-linked-docker-containers-from-nginx-to-jetty
