1. 技术文章
  2. Log client's “real” IP address in Docker Swarm 1.12 when accessing a service

Log client's “real” IP address in Docker Swarm 1.12 when accessing a service

时光怂恿深爱的人放手 提交于 2019-12-04 03:58:07

Good catch!, Most people analyzing the nginx access.log and client ip is important part of it.

As docker version 1.12.1 the problem exists. nginx will log swarm overlay ip. But client ip logs fine as standalone container. As a work around, you can have a reverse proxy pointing to swarm service. I know this is against High availablity and Self Healing concept of swarm, but seems to be the only work around right now.

sample config: (lets assume swarm service is listening on 8081 on localhost)

server {
  listen 80 default_server;
  location / {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_pass          http://localhost:8181;
    proxy_read_timeout  90;
  }
}

More info can be found on this github issue.

Another Option:

You can use networking in host mode.

docker service create \
--name nginx \
--network <your overlay network> \
--publish mode=host,target=80,published=80 \
--publish mode=host,target=443,published=443 \
--replicas 1 \
nginx

So the way I've worked around this for now is by using the mode=host option for publishing the port and pinning the proxy container to a single node like so:

docker service create \
--name proxy \
--network proxy \
--publish mode=host,target=80,published=80 \
--publish mode=host,target=443,published=443 \
--constraint 'node.hostname == myproxynode' \
--replicas 1 \
letsnginx
标签
nginx
Docker
load-balancing
docker-swarm
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!