@pedrolamas
Created August 18, 2020 19:32
Script to fix Docker iptables on Synology NAS
#!/bin/bash

# Docker's iptables chains may not exist yet when this runs, so poll for them
# a limited number of times instead of assuming they are there.
currentAttempt=0
totalAttempts=10
delay=15

while [ $currentAttempt -lt $totalAttempts ]
do
  currentAttempt=$(( $currentAttempt + 1 ))

  echo "Attempt $currentAttempt of $totalAttempts..."

  result=$(iptables-save)

  # The DOCKER chain's RETURN rule only appears once the daemon has set up NAT.
  if [[ $result =~ "-A DOCKER -i docker0 -j RETURN" ]]; then
    echo "Docker rules found! Modifying..."

    # Send locally-destined traffic through the DOCKER chain in nat PREROUTING.
    iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
    iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL ! --dst 127.0.0.0/8 -j DOCKER

    echo "Done!"

    break
  fi

  echo "Docker rules not found! Sleeping for $delay seconds..."

  sleep $delay
done
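An added example, not pedrolamas's script: the same two rules applied idempotently with `iptables -C`, plus a check for the duplicate rules left behind when the original is run more than once (it appends blindly on every run). The checks read iptables-save text from stdin so they can be tried offline; the iptables-save excerpt is constructed, and the apply step is only reached with `--apply` as root.

```bash
#!/bin/bash
# Added example, not the gist's script: an idempotent variant of the fix.
# Checks parse iptables-save text from stdin so they can run offline; only
# apply_fix touches the firewall, and only when started as root with --apply.
# True when the Docker daemon has populated its nat DOCKER chain (the marker
# the gist polls for before adding its rules).
docker_chain_ready() {
    grep -q -- '-A DOCKER -i docker0 -j RETURN'
}

# Count nat PREROUTING rules that jump to DOCKER. The gist appends two per
# run, so a value above 2 means it has run repeatedly and left duplicates.
prerouting_docker_jumps() {
    awk '/^\*nat$/ { in_nat = 1; next }
         /^COMMIT$/ { in_nat = 0 }
         in_nat && /^-A PREROUTING / && / -j DOCKER$/ { n++ }
         END { print n + 0 }'
}

# Append a rule only when an identical one is absent (iptables -C checks).
ensure_rule() {
    table=$1; chain=$2; shift 2
    iptables -t "$table" -C "$chain" "$@" 2>/dev/null ||
        iptables -t "$table" -A "$chain" "$@"
}

# The same two rules the gist adds, now safe to re-run.
apply_fix() {
    ensure_rule nat PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
    ensure_rule nat PREROUTING -m addrtype --dst-type LOCAL ! --dst 127.0.0.0/8 -j DOCKER
}

# Constructed iptables-save excerpt: Docker chain ready, gist already run twice.
SAMPLE_SAVE='*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER -i docker0 -j RETURN
COMMIT'

if [ "${1:-}" = "--apply" ]; then
    iptables-save | docker_chain_ready || { echo "Docker chain not ready yet"; exit 1; }
    apply_fix
else
    echo "sample: $(printf '%s\n' "$SAMPLE_SAVE" | prerouting_docker_jumps) PREROUTING->DOCKER rules"
fi
```

Run it with no arguments to see the checks against the constructed sample (it reports 4 rules, twice the expected 2); run `sudo ./fix.sh --apply` on the NAS to add only whichever rules are missing.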
@JVT038 commented Mar 27, 2024

None of these iptables rules have worked for me :(

I'm using a DS918+ and running DSM 7.2.

When I run the iptables script, the X-Forwarded-For IP address becomes the address of my router for some reason. So I don't get the client IP, but the IP of my router.

Does anyone know a fix? I've also tried disabling userland-proxy in the docker daemon, but that didn't work either. Or maybe I did something wrong.

@Aurel004

@ben-ba Not sure if we're talking about the same idea. In my nextcloud container it seems to only see the XFF IP if it's an external/public IP. For example, here are two requests:

Client        Proxy        Service      Request appears to be from
10.0.0.2      172.16.0.2   172.30.1.2   172.16.0.2
42.199.8.17   172.16.0.2   172.30.1.2   42.199.8.17
(My local LAN is 10.0.0.0/24)

What I would like to achieve: in the example above, the first request should also appear to be from 10.0.0.2 and not 172.16.0.2 as it currently does.

Have you got any fix for this?

@erwinkramer

There is a much saner solution for all of this. Just run all your containers on the host network and no additional things are needed. The only 'complex' thing I set up is changing the default ports of the built-in nginx inside a startup script, like @Maypul mentioned, but that is only because I want to use port 443 and port 80 for caddy. So:

sed -i "s/^\( *listen .*\)80/\1$HTTP_PORT/" /usr/syno/share/nginx/*.mustache
sed -i "s/^\( *listen .*\)443/\1$HTTPS_PORT/" /usr/syno/share/nginx/*.mustache

Now in your docker compose file, make sure you:

  • use unique ports for every service
  • specify network_mode: host

It might look like this (the caddy labels are only needed if using caddy of course):

  whoami-public:
    container_name: whoami-public
    image: traefik/whoami
    network_mode: host
    restart: unless-stopped
    environment:
     - WHOAMI_PORT_NUMBER=707
    labels:
      caddy: ${public_protocol}whoami.${public_domain}
      caddy.reverse_proxy: "{{upstreams 707}}"
