I am looking for a little help. I’ve been trying to get nginx-proxy:
GitHub - jwilder/nginx-proxy: Automated nginx proxy for Docker containers using docker-gen working with IPv6. It works but the IP address is an IPv4 address from the docker server. I don’t want this… I want it to show my actual IPv6 client address. I use this for some of my apps.
X-Real-IP X-Forward-For is showing the wrong IP address as well.
The problem is that the below give me a fix that breaks the lets-encrypt companion.
Convos about it:
09:12PM - 08 Jun 19 UTC
12:22PM - 12 Jun 19 UTC
By setting nginx-proxy with docker-compose and an external network the remote ip address is the internal IP address and not the...
Alas, any help would be appreciated. Even a different proxy would work for me.
I’m not sure there’s an easy way to do that without using DNAT, as docker sets up masquerade by default for all containers. Try launching with -P to expose the port, or use KVM as GOD and COUNTRY intended.
I think I might have figured it out, and -P doesn’t work just as an FYI.
Huh. Surprised that it doesn’t, but assigning an IPv6 address should just work.
I thought nginx-proxy was abandoned.
traefik is a far more useful and elegant front-end proxy for docker containers IMHO. At least for my use cases.
I tried Traefik before, it was a mess to setup. Half the documentation wasn’t accurate or valid for the current release.
I spent a few days trying to set it up, only to find out that it wasn’t supported unless you bought the premium package.
Do you have a docker-compose with a working let’s encrypt bundle?
Also, it looks like nginx-proxy is being maintained to me:
Let’s encrypt certs support is built in to traefik, so that helps.
Here’s some relevant files. Maybe I should have PM’d them?
my docker-compose for traefik:
image: traefik # The official Traefik docker image
# - "80:80" # The HTTP port
- "443:443" # HTTPS
- "10.25.99.123:1880:8080" # The Web UI exposed to my vpn (enabled by --api)
… and the traefik.toml:
defaultEntryPoints = ["https","http"]
address = ":80"
entryPoint = "https"
address = ":443"
endpoint = "unix:///var/run/docker.sock"
domain = "my-domain.com"
watch = true
exposedByDefault = false
email = "firstname.lastname@example.org"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
then in a docker-compose for a container that’s going to be exposed…
the acme.json file is created and maintained by traefik. It holds certs and other info from Let’s Encrypt.
[Edit] And actually your IPv6 issues have been discussed (and solved I think) with traefik
Thank you and Thank you!
And the IPv6 fix is what I did with Nginx-proxy. Exact same fix to be honest.
There is also
GitHub - Neilpang/nginx-proxy: nginx proxy with free ssl cert by acme.sh which is a cleaner setup IMO. I’ve only messed around with it a bit in testing and for a low usage test case but it works well for that.
Did you get it to work with IPv6. I tried it a few days ago, and it failed to work with IPv6.