Issue
I have two docker container running, one is a nginx that accepts http and https requests and passes them to the other one which is a jetty container. I have noticed an issue since I switched to docker. I can't get the right request IP. The jetty application checks the request IP to ensure requests are coming from a particular server. In the Servlet I use following code to get the IP:
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
...
String remoteIpAddress = request.getRemoteAddr();
...
}
But I then get the IP 172.17.0.x, which seems to be some IP from docker and not the expected IP from the requester.
My docker images are run with following params:
docker run -d --read-only --name=jetty -v /tmp -v /run/jetty jetty:9
docker run -d --read-only --name=nginx --link jetty:jetty -v /var/run -p 80:80 -p 443:443 nginx
The important part is the --link
param, where I link the networking of jetty to nginx.
In the nginx config I have defined an proxy pass to jetty:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
and
location / {
proxy_pass http://jetty:8080;
}
My question is: how do I get the right IP from the request and not the 127.17.0.x one?
Solution
If using Jetty 9, enable the ForwardRequestCustomizer
To do that ...
$ mkdir /path/to/jetty-base/etc
$ cp /path/to/jetty-dist/etc/jetty.xml /path/to/jetty-base/etc/
$ edit /path/to/jetty-base/etc/jetty.xml
Uncomment the lines
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
</Call>
Start your ${jetty.base}
$ cd /path/to/jetty-base
$ java -jar /path/to/jetty-dist/start.jar
Done
Answered By - Joakim Erdfelt