记录客户端的“真实” Docker Swarm 1.12访问服务时的IP地址 [英] Log client's "real" IP address in Docker Swarm 1.12 when accessing a service

问题描述

在用户创建的覆盖网络中，我在Docker Swarm中运行nginx容器作为服务。两者都创建于：

I have nginx container running as a service in Docker Swarm inside user created overlay network. Both created with:

docker network create --driver overlay proxy
docker service create --name proxy --network proxy -p 80:80 nginx

通过浏览器访问nginx站点时，在nginx访问日志远程地址被记录为10.255 ...格式化的地址，我认为是Swarm负载均衡器地址。问题是如何知道/记录访问站点的最终客户端的地址，而不是负载平衡器地址。

When accessing nginx site through a browser, in nginx access log remote address is logged as 10.255... formatted address, what I presume to be the Swarm load balancer address. The question is how to know/log the address of the end client accessing the site and not the load balancer address.

推荐答案

catch !,大多数人分析nginx access.log 和客户端ip是其中的重要组成部分。

Good catch!, Most people analyzing the nginx access.log and client ip is important part of it.

作为docker版本1.12.1存在问题。 nginx会记录swarm overlay ip。但客户端ip可以独立的容器记录。作为一个工作，你可以有一个反向代理指向群组服务。我知道这是针对高可用性和自我治疗群体的概念，但似乎是现在唯一的工作

As docker version 1.12.1 the problem exists. nginx will log swarm overlay ip. But client ip logs fine as standalone container. As a work around, you can have a reverse proxy pointing to swarm service. I know this is against High availablity and Self Healing concept of swarm, but seems to be the only work around right now.

示例配置:(允许swarm服务在本地主机上的8081上收听）

sample config: (lets assume swarm service is listening on 8081 on localhost)

server {
  listen 80 default_server;
  location / {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_pass          http://localhost:8181;
    proxy_read_timeout  90;
  }
}

更多信息可以在这个github问题。

另一个选项：

您可以在主机模式下使用网络。

You can use networking in host mode.

docker service create \
--name nginx \
--network <your overlay network> \
--publish mode=host,target=80,published=80 \
--publish mode=host,target=443,published=443 \
--replicas 1 \
nginx

这篇关于记录客户端的“真实” Docker Swarm 1.12访问服务时的IP地址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！