Real IP from AWS to nginx proxy to gitlab's nginx-proxy #1223

Open
reynold-lariza opened this issue May 22, 2017 · 3 comments

reynold-lariza commented May 22, 2017

Hey guys,

Just need a bit of help, I've been struggling with this for hours now... the thing is, I need to send the real client IP address...

So, I used the basic nginx container with --net=host

I also followed for the AWS ELB:

https://easyengine.io/tutorials/nginx/amazon-elastic-load-balancer-forward-real-ip/

Now I'm able to verify that the nginx is able to capture the actual client IP address, when I enable proxy_set_header X-Forwarded-Host $remote_addr;

However, how do I pass this IP to gitlab? cause what it currently gets is the private IP address of the docker host where nginx proxy is running.

Anyone encountered the same issue, and how were you able to solve this issue?

This is my config for gitlab.conf

server {
    listen       80;
    server_name  git.whiteskylabs.com;
    client_max_body_size 640M;
    client_body_buffer_size 1M;

    location / {
        proxy_set_header  Host $host;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-Proto https;
        #proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-For $remote_addr;
        #proxy_set_header  X-Forwarded-Host $remote_addr;
        proxy_pass http://gitlab-ec2-ip:10080/;
    }
}

Thanks,


reynold-lariza commented May 22, 2017

Ah.. surprisingly, I was able to make it work...

I also added inside gitlab container's nginx.conf (also with main nginx proxy container)

http {
    real_ip_header X-Forwarded-For;
    set_real_ip_from 0.0.0.0/0;
    ...
}

and with main nginx proxy gitlab.conf

server {
    listen       80;
    server_name  gitlab-domain.com;
    client_max_body_size 640M;
    client_body_buffer_size 1M;

    location / {
        proxy_set_header  Host $host;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-Proto https;
        proxy_set_header  X-Forwarded-For $remote_addr;
        proxy_set_header  X-Forwarded-Host $server_name;
        proxy_pass http://gitlab-ec2-ip:10080/;
    }
}

Now it works as I expected it... but I had to do this hard-coded edit in a live gitlab container...

Is there any way this can be done upon first run of the container?

@reynold-lariza reynold-lariza changed the title Real IP from AWS to nginx proxy to gitlab Real IP from AWS to nginx proxy to gitlab's nginx-proxy May 22, 2017

reynold-lariza commented May 22, 2017

FYI,

Could be useful to others.

I was successful setting this up with config NGINX_SET_REAL_IP_FROM

| NGINX_SET_REAL_IP_FROM | Set the value for X-Real-IP. Defaults to 0.0.0.0/0. |

# assets/runtime/env-defaults
+ ## Nginx Additional Configuration
+ NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM:-"0.0.0.0/0"}
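
Review bot: the default on the `NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM:-"0.0.0.0/0"}` line trusts every peer address, so with this default any client that connects to the container's nginx directly can supply its own `X-Forwarded-For` and have it recorded as the client address. Suggest an empty default that omits the `set_real_ip_from` directive, or requiring the operator to pass the address or CIDR of the fronting proxy or load balancer.
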
# assets/runtime/functions
    NGINX_PROXY_BUFFERING \
    NGINX_ACCEL_BUFFERING \
+  NGINX_SET_REAL_IP_FROM \
    NGINX_X_FORWARDED_PROTO
+ # assets/runtime/config/nginx/gitlab and assets/runtime/config/nginx/gitlab-ssl
+  ## Required for retrieving actual client IP address
+  real_ip_header X-Forwarded-For;
+  set_real_ip_from {{NGINX_SET_REAL_IP_FROM}};
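
Review bot: documentation point on the `set_real_ip_from {{NGINX_SET_REAL_IP_FROM}};` line: the variable feeds `set_real_ip_from`, which lists the proxy addresses nginx trusts to supply `X-Forwarded-For`, while the README row above describes it as "Set the value for X-Real-IP". Suggest rewording the README row and the template comment to say it is the trusted proxy address or CIDR, and noting whether `real_ip_recursive` is intentionally left at its default for chains with more than one proxy.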

Note: this assumes your nginx is running natively or using --net=host (in addition mine is behind AWS ELB)
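
An added example (not code from this issue or from the docker-gitlab project): a simplified Python model of how nginx's realip module picks the client address with `real_ip_header X-Forwarded-For`, comparing `set_real_ip_from 0.0.0.0/0` as used above with a trusted range limited to the fronting proxy. The `10.0.0.0/16` proxy range and every address below are constructed assumptions.

```python
import ipaddress

def resolve_client_ip(peer, xff, trusted_cidrs, recursive=False):
    """Simplified model of nginx realip with `real_ip_header X-Forwarded-For`.

    peer          -- address of the TCP connection nginx accepted
    xff           -- raw X-Forwarded-For header value ("" if absent)
    trusted_cidrs -- values given to set_real_ip_from
    recursive     -- real_ip_recursive on/off
    """
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]

    def trusted(addr):
        return any(ipaddress.ip_address(addr) in n for n in nets)

    # The header is only consulted when the connecting peer is trusted.
    if not trusted(peer):
        return peer
    try:
        hops = [str(ipaddress.ip_address(h.strip())) for h in xff.split(",")]
    except ValueError:
        return peer  # simplification: unparsable header keeps the peer address
    if not recursive:
        return hops[-1]  # last entry, i.e. the one the nearest proxy wrote
    for hop in reversed(hops):  # recursive: last entry that is not trusted
        if not trusted(hop):
            return hop
    return hops[0]

# Constructed sample values (documentation ranges); 10.0.0.0/16 is an assumed
# private range for the ELB / front nginx, not a value from the issue.
TRUST_ALL = ["0.0.0.0/0"]
TRUST_PROXY = ["10.0.0.0/16"]
PROXY, DIRECT_CLIENT = "10.0.1.5", "198.51.100.7"
FORGED, REAL = "192.0.2.1", "203.0.113.9"

def scenarios():
    return {
        # Client reaches the backend port directly and sends its own header.
        "direct/trust_all": resolve_client_ip(DIRECT_CLIENT, FORGED, TRUST_ALL),
        "direct/trust_proxy": resolve_client_ip(DIRECT_CLIENT, FORGED, TRUST_PROXY),
        # Request arrives via the proxy, which appended the address it saw.
        "chain/trust_all_recursive": resolve_client_ip(
            PROXY, f"{FORGED}, {REAL}", TRUST_ALL, recursive=True),
        "chain/trust_proxy_recursive": resolve_client_ip(
            PROXY, f"{FORGED}, {REAL}", TRUST_PROXY, recursive=True),
    }

if __name__ == "__main__":
    for name, ip in scenarios().items():
        print(f"{name:30} -> {ip}")
```

With the trusted range limited to the proxy, the logged address is either the real peer or the entry the proxy itself appended; with `0.0.0.0/0` it is whatever the header says.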


stale bot commented May 7, 2020

This issue has been automatically marked as stale because it has not had any activity for the last 60 days. It will be closed if no further activity occurs during the next 7 days. Thank you for your contributions.

@stale stale bot added the wontfix label May 7, 2020