前言:今天使用docker部署Nginx,感覺還挺方便的,后來發現Nginx日志獲取的IP是docker的IP,不是真實的客戶端IP,分享下如何獲取真實的客戶端IP
1、下面圖的IP是172開頭的,這是屬於容器分配的IP,通過把docker網橋加入到防火牆的internal區域就可以獲取到真實的IP
2、查詢你docker容器中網橋名稱,以br-d4aaa開頭的就是容器中網橋
[root@test 15:52:44 /]# ifconfig
br-d4aaa1xxxx: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.0.1 netmask 255.255.0.0 broadcast 192.168.255.255
ether 02:42:6f:95:d3:cd txqueuelen 0 (Ethernet)
RX packets 16 bytes 1298 (1.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1298 (1.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3、把網橋加入到防火牆的internal(內部)區域
firewall-cmd --permanent --zone=internal --change-interface=br-d4aaa1xxxx(你的容器網橋)
4、重啟firewalld
systemctl stop firewalld.service
systemctl start firewalld.service
5、再次訪問查看Nginx日志
