Unit does not respect forwarded-ip when a proxy is in use #1331

Open
cpund opened this issue Oct 8, 2024 · 0 comments

Current Behavior

Following the recommended process per the wiki for setting up TLS (https://github.com/netbox-community/netbox-docker/wiki/TLS), I've noticed when viewing docker logs (from Unit) that all external requests (not the healthchecks) are written as if coming from the proxy, instead of implementing the X-Forwarded-For header to correctly identify the true originator of the request.

Expected Behavior

The Unit configuration file should include the forwarded section. This would allow us to define the source proxy and then ensure that the X-Forwarded-For IP gets passed for proper logging, instead of just reporting the IP of the Caddy proxy server.

Docker Compose Version

Docker Compose version v2.29.1

Docker Version

Client: Docker Engine - Community
 Version:           27.1.1
 API version:       1.46
 Go version:        go1.21.12
 Git commit:        6312585
 Built:             Tue Jul 23 19:58:57 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          27.1.1
  API version:      1.46 (minimum version 1.24)
  Go version:       go1.21.12
  Git commit:       cc13f95
  Built:            Tue Jul 23 19:57:11 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.19
  GitCommit:        2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc:
  Version:          1.7.19
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

The git Revision

27bf52c

The git Status

On branch release
Your branch is up to date with 'origin/release'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
        modified:   env/netbox.env
        modified:   env/postgres.env
        modified:   env/redis-cache.env
        modified:   env/redis.env

Untracked files:
  (use "git add <file>..." to include in what will be committed)
        Caddyfile
        Dockerfile-Local
        docker-compose.override.yaml
        env/netbox.env.old
        local_requirements.txt
        netbox.key

no changes added to commit (use "git add" and/or "git commit -a")

Startup Command

docker compose up -d

NetBox Logs

netbox-1  | ↩️ Skip creating the superuser
netbox-1  | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox-1  | 🧬 loaded config '/etc/netbox/config/extra.py'
netbox-1  | 🧬 loaded config '/etc/netbox/config/logging.py'
netbox-1  | 🧬 loaded config '/etc/netbox/config/netbox.py'
netbox-1  | 🧬 loaded config '/etc/netbox/config/plugins.py'
netbox-1  | ✅ Initialisation is done.
netbox-1  | ⏳ Waiting for control socket to be created... (1/10)
netbox-1  | 2024/10/08 03:59:25 [warn] 8#8 Unit is running unprivileged, then it cannot use arbitrary user and group.
netbox-1  | 2024/10/08 03:59:25 [info] 8#8 unit 1.33.0 started
netbox-1  | 2024/10/08 03:59:25 [info] 101#101 discovery started
netbox-1  | 2024/10/08 03:59:25 [notice] 101#101 module: python 3.12.3 "/usr/lib/unit/modules/python3.12.unit.so"
netbox-1  | 2024/10/08 03:59:25 [info] 8#8 controller started
netbox-1  | 2024/10/08 03:59:25 [notice] 8#8 process 101 exited with code 0
netbox-1  | 2024/10/08 03:59:25 [info] 103#103 router started
netbox-1  | 2024/10/08 03:59:25 [info] 103#103 OpenSSL 3.0.13 30 Jan 2024, 300000d0
netbox-1  | ⚙️ Applying configuration from /etc/unit/nginx-unit.json
netbox-1  | 2024/10/08 03:59:27 [info] 114#114 "netbox" prototype started
netbox-1  | 2024/10/08 03:59:27 [info] 115#115 "netbox" application started
netbox-1  | ✅ Unit configuration loaded successfully
netbox-1  | 2024/10/08 03:59:28 [notice] 8#8 process 99 exited with code 0
netbox-1  | 2024/10/08 03:59:31 [info] 149#149 "netbox" application started
netbox-1  | ::1 - - [08/Oct/2024:03:59:37 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1  | ::1 - - [08/Oct/2024:03:59:45 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1  | ::1 - - [08/Oct/2024:03:59:47 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1  | ::1 - - [08/Oct/2024:04:00:03 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1  | 172.18.0.6 - - [08/Oct/2024:04:00:07 +0000] "GET / HTTP/1.1" 200 122669 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
netbox-1  | 172.18.0.6 - - [08/Oct/2024:04:00:07 +0000] "GET /static/setmode.js?v=4.1.3 HTTP/1.1" 200 1314 "https://netbox.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
netbox-1  | 172.18.0.6 - - [08/Oct/2024:04:00:07 +0000] "GET /static/netbox-external.css?v=4.1.3 HTTP/1.1" 200 367160 "https://netbox.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
netbox-1  | 172.18.0.6 - - [08/Oct/2024:04:00:07 +0000] "GET /static/netbox.css?v=4.1.3 HTTP/1.1" 200 554378 "https://netbox.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
netbox-1  | 172.18.0.6 - - [08/Oct/2024:04:00:07 +0000] "GET /static/netbox.js?v=4.1.3 HTTP/1.1" 200 389845 "https://netbox.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
netbox-1  | 172.18.0.6 - - [08/Oct/2024:04:00:08 +0000] "GET /core/changelog/?per_page=25&embedded=True HTTP/1.1" 200 21370 "https://netbox.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
netbox-1  | ::1 - - [08/Oct/2024:04:00:18 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1  | ::1 - - [08/Oct/2024:04:00:33 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1  | ::1 - - [08/Oct/2024:04:00:48 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1  | ::1 - - [08/Oct/2024:04:01:03 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1  | ::1 - - [08/Oct/2024:04:01:18 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1  | ::1 - - [08/Oct/2024:04:01:33 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"

Content of docker-compose.override.yml

services:
  netbox:
    restart: unless-stopped
    image: netbox:latest-local
    healthcheck:
      timeout: 3s
      interval: 15s
      test: "curl -f -H 'Host: netbox.example.com' http://localhost:8080/login/ || exit 1"
    environment:
      SKIP_SUPERUSER: "true"
      SUPERUSER_API_TOKEN: ""
      SUPERUSER_EMAIL: ""
      SUPERUSER_NAME: ""
      SUPERUSER_PASSWORD: ""
    build:
      context: .
      dockerfile: Dockerfile-Local
  netbox-worker:
    restart: unless-stopped
    image: netbox:latest-local
  netbox-housekeeping:
    restart: unless-stopped
    image: netbox:latest-local
  postgres:
    restart: unless-stopped
  redis:
    restart: unless-stopped
  redis-cache:
    restart: unless-stopped
  tls:
    image: caddy:2-alpine
    depends_on:
      - netbox
    volumes:
      - /etc/pki/tls/certs/netbox_bundle.pem:/etc/ssl/private/cert.crt:ro,z
      - /etc/pki/tls/private/netbox.key:/etc/ssl/private/key.key:ro,z
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
    ports:
      - "80:80"
      - "443:443"
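
Added example (not part of the original issue, and not netbox-docker or Unit code): a small Python model of the trust rule that Unit's listener-level `forwarded` option applies, showing why the `source` list matters when X-Forwarded-For is used for logging. The `client_ip`, `source` and `recursive` keys are Unit's; the `172.18.0.0/16` subnet is an assumption based on the proxy address in the logs above, and the function names and sample requests are constructed for illustration.

```python
import ipaddress

# Hypothetical "forwarded" object for a Unit listener. The subnet is an
# assumption based on the proxy address 172.18.0.6 in the issue's logs.
FORWARDED = {
    "client_ip": "X-Forwarded-For",
    "source": ["172.18.0.0/16"],
    "recursive": False,
}


def is_trusted(addr, sources):
    """True when addr falls inside one of the trusted proxy networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in sources)


def effective_client_ip(peer, headers, forwarded=FORWARDED):
    """Address to log for a request whose TCP peer is `peer`."""
    # Honour the header only when the peer itself is a listed proxy;
    # otherwise any direct client could choose its own logged address.
    if not is_trusted(peer, forwarded["source"]):
        return peer
    raw = headers.get(forwarded["client_ip"], "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    try:
        for hop in hops:
            ipaddress.ip_address(hop)
    except ValueError:
        return peer  # malformed header: fall back to the peer address
    if not hops:
        return peer
    if not forwarded.get("recursive", False):
        return hops[-1]  # rightmost entry, the one the proxy appended
    # Recursive: walk right to left and stop at the first untrusted hop.
    for hop in reversed(hops):
        if not is_trusted(hop, forwarded["source"]):
            return hop
    return hops[0]  # every hop trusted: leftmost (a choice made in this model)


if __name__ == "__main__":
    # Constructed request: Caddy (172.18.0.6) forwarding for 203.0.113.7.
    print(effective_client_ip("172.18.0.6", {"X-Forwarded-For": "203.0.113.7"}))
```

Keeping `source` limited to the proxy's own network is what stops a client that reaches port 8080 directly from writing an arbitrary address into the access log.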