Skip to content

/ nginx-proxy

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request for documentation: IPv6 support + correct client ip addresses #1419

Open
tuxmainy opened this issue Apr 5, 2020 · 0 comments
Open

Request for documentation: IPv6 support + correct client ip addresses #1419

tuxmainy opened this issue Apr 5, 2020 · 0 comments

Comments

@tuxmainy
Copy link

@tuxmainy tuxmainy commented Apr 5, 2020
edited

Hi,
I had a rough time to get IPv6 working with the actual ip addresses of the clients and not the docker host IPv4 (yes, 4) address. The purpose of this issue is:

a) someone with more docker knowledge should check if I have done things right
b) Jason, I kindly ask you to add this to the documentation page of your nginx-proxy repository even if this is not fully nginx-proxy related but as your image provides a reverse proxy and lot of peoples are wondering what happens it would be nice if you could add this.

best regards
Daniel

------ Documentation -----

IPv6 Support w/ actual client ip addresses

If you just bind the nginx HTTP(S) port to an IPv6 address on your Docker host you won't see the actual requesting IPv6 address of the client but the IPv4 address of Docker host (e.g. 172.17.0.1):
nginx.1 | [2001:0db8::1] 172.17.0.1 - - [05/Apr/2020:14:46:56 +0000] "GET / HTTP/1.1" 200 197 "-" "Wget/1.20.3 (linux-gnu)"

Following guide provides a way to see the actual requesting IPv6 client address by using a container which adds IPv6 NAT rules (e.g. 2001:0db8::abc):
nginx.1 | [2001:0db8::1] 2001:0db8::abc - - [05/Apr/2020:16:19:20 +0000] "GET / HTTP/1.1" 200 197 "-" "Wget/1.20.3 (linux-gnu)"

Thus, nginx-proxy will be able to set the actual client ip address in the HTTP_X_FORWARDED_FOR header which could be used by your web application.

Docker configuration

Disable Docker userland-proxy and enable IPv6 support by using ULA adresses to provide container isolation

/etc/docker/daemon.json
"userland-proxy": false, "ipv6": true, "fixed-cidr-v6": "fd00:c0fe:babe::/48"

IPv6 NAT

This will add IPv6 NAT support (like the one of IPv4 which is directly implemented by Docker). If you want to have a discussion about IPv6 NAT have a look at the project repository.

docker run -d --restart=always -v /var/run/docker.sock:/var/run/docker.sock:ro --cap-add=NET_ADMIN --cap-add=SYS_MODULE --net=host robbertkl/ipv6nat

IPv6 Support in nginx

Now, all IPv6 requests on exposed ports get routed directly to you Docker container. Thus nginx-proxy has to listen on an IPv6 socket. This is enabled by adding ENABLE_IPV6 environment:
docker run ... -e ENABLE_IPV6=true ... jwilder/nginx-proxy
tuxmainy pushed a commit to tuxmainy/nginx-proxy that referenced this issue May 1, 2020
root
IPv6 support + correct client ip addresses doc
293c10e 
Request for documentation: IPv6 support + correct client ip addresses nginx-proxy#1419
nginx-proxy#1419
@tuxmainy tuxmainy mentioned this issue May 1, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant
@tuxmainy
You can’t perform that action at this time.