Unit does not respect forwarded-ip when a proxy is in use #1331

@cpund

Current Behavior

Following the recommended process per the wiki for setting up TLS (https://github.com/netbox-community/netbox-docker/wiki/TLS), I've noticed when viewing docker logs (from Unit) that all external requests (not the healthchecks) are written as if coming from the proxy, instead of implementing the X-Forwarded-For header to correctly identify the true originator of the request.

Expected Behavior

The Unit configuration file should include the forwarded section. This would allow us to define the source proxy and then ensure that the X-Forwarded-For IP gets passed for proper logging, instead of just reporting the IP of the Caddy proxy server.

Docker Compose Version

Docker Compose version v2.29.1

Docker Version

```
Client: Docker Engine - Community
 Version:           27.1.1
 API version:       1.46
 Go version:        go1.21.12
 Git commit:        6312585
 Built:             Tue Jul 23 19:58:57 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          27.1.1
  API version:      1.46 (minimum version 1.24)
  Go version:       go1.21.12
  Git commit:       cc13f95
  Built:            Tue Jul 23 19:57:11 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.19
  GitCommit:        2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc:
  Version:          1.7.19
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
```

The git Revision

27bf52c

The git Status

```
On branch release
Your branch is up to date with 'origin/release'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
        modified:   env/netbox.env
        modified:   env/postgres.env
        modified:   env/redis-cache.env
        modified:   env/redis.env

Untracked files:
  (use "git add <file>..." to include in what will be committed)
        Caddyfile
        Dockerfile-Local
        docker-compose.override.yaml
        env/netbox.env.old
        local_requirements.txt
        netbox.key

no changes added to commit (use "git add" and/or "git commit -a")
```

Startup Command

docker compose up -d

NetBox Logs

```
netbox-1 | ↩️ Skip creating the superuser
netbox-1 | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox-1 | 🧬 loaded config '/etc/netbox/config/extra.py'
netbox-1 | 🧬 loaded config '/etc/netbox/config/logging.py'
netbox-1 | 🧬 loaded config '/etc/netbox/config/netbox.py'
netbox-1 | 🧬 loaded config '/etc/netbox/config/plugins.py'
netbox-1 | ✅ Initialisation is done.
netbox-1 | ⏳ Waiting for control socket to be created... (1/10)
netbox-1 | 2024/10/08 03:59:25 [warn] 8#8 Unit is running unprivileged, then it cannot use arbitrary user and group.
netbox-1 | 2024/10/08 03:59:25 [info] 8#8 unit 1.33.0 started
netbox-1 | 2024/10/08 03:59:25 [info] 101#101 discovery started
netbox-1 | 2024/10/08 03:59:25 [notice] 101#101 module: python 3.12.3 "/usr/lib/unit/modules/python3.12.unit.so"
netbox-1 | 2024/10/08 03:59:25 [info] 8#8 controller started
netbox-1 | 2024/10/08 03:59:25 [notice] 8#8 process 101 exited with code 0
netbox-1 | 2024/10/08 03:59:25 [info] 103#103 router started
netbox-1 | 2024/10/08 03:59:25 [info] 103#103 OpenSSL 3.0.13 30 Jan 2024, 300000d0
netbox-1 | ⚙️ Applying configuration from /etc/unit/nginx-unit.json
netbox-1 | 2024/10/08 03:59:27 [info] 114#114 "netbox" prototype started
netbox-1 | 2024/10/08 03:59:27 [info] 115#115 "netbox" application started
netbox-1 | ✅ Unit configuration loaded successfully
netbox-1 | 2024/10/08 03:59:28 [notice] 8#8 process 99 exited with code 0
netbox-1 | 2024/10/08 03:59:31 [info] 149#149 "netbox" application started
netbox-1 | ::1 - - [08/Oct/2024:03:59:37 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1 | ::1 - - [08/Oct/2024:03:59:45 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1 | ::1 - - [08/Oct/2024:03:59:47 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1 | ::1 - - [08/Oct/2024:04:00:03 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1 | 172.18.0.6 - - [08/Oct/2024:04:00:07 +0000] "GET / HTTP/1.1" 200 122669 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
netbox-1 | 172.18.0.6 - - [08/Oct/2024:04:00:07 +0000] "GET /static/setmode.js?v=4.1.3 HTTP/1.1" 200 1314 "https://netbox.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
netbox-1 | 172.18.0.6 - - [08/Oct/2024:04:00:07 +0000] "GET /static/netbox-external.css?v=4.1.3 HTTP/1.1" 200 367160 "https://netbox.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
netbox-1 | 172.18.0.6 - - [08/Oct/2024:04:00:07 +0000] "GET /static/netbox.css?v=4.1.3 HTTP/1.1" 200 554378 "https://netbox.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
netbox-1 | 172.18.0.6 - - [08/Oct/2024:04:00:07 +0000] "GET /static/netbox.js?v=4.1.3 HTTP/1.1" 200 389845 "https://netbox.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
netbox-1 | 172.18.0.6 - - [08/Oct/2024:04:00:08 +0000] "GET /core/changelog/?per_page=25&embedded=True HTTP/1.1" 200 21370 "https://netbox.example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0"
netbox-1 | ::1 - - [08/Oct/2024:04:00:18 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1 | ::1 - - [08/Oct/2024:04:00:33 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1 | ::1 - - [08/Oct/2024:04:00:48 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1 | ::1 - - [08/Oct/2024:04:01:03 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1 | ::1 - - [08/Oct/2024:04:01:18 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
netbox-1 | ::1 - - [08/Oct/2024:04:01:33 +0000] "GET /login/ HTTP/1.1" 200 3710 "-" "curl/8.5.0"
```

Content of docker-compose.override.yml

```yaml
services:
  netbox:
    restart: unless-stopped
    image: netbox:latest-local
    healthcheck:
      timeout: 3s
      interval: 15s
      test: "curl -f -H 'Host: netbox.example.com' http://localhost:8080/login/ || exit 1"
    environment:
      SKIP_SUPERUSER: "true"
      SUPERUSER_API_TOKEN: ""
      SUPERUSER_EMAIL: ""
      SUPERUSER_NAME: ""
      SUPERUSER_PASSWORD: ""
    build:
      context: .
      dockerfile: Dockerfile-Local
  netbox-worker:
    restart: unless-stopped
    image: netbox:latest-local
  netbox-housekeeping:
    restart: unless-stopped
    image: netbox:latest-local
  postgres:
    restart: unless-stopped
  redis:
    restart: unless-stopped
  redis-cache:
    restart: unless-stopped
  tls:
    image: caddy:2-alpine
    depends_on:
      - netbox
    volumes:
      - /etc/pki/tls/certs/netbox_bundle.pem:/etc/ssl/private/cert.crt:ro,z
      - /etc/pki/tls/private/netbox.key:/etc/ssl/private/key.key:ro,z
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
    ports:
      - "80:80"
      - "443:443"
```
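
Added example, not part of the original issue and not netbox-docker or Unit code: a simplified Python model of the trusted-proxy rule that the requested `forwarded` section depends on, where X-Forwarded-For is honoured only when the connection itself comes from a listed proxy. The function names, the `trusted_sources` and `recursive` parameters, and every sample address except 172.18.0.6 (the proxy address in the logs above) are assumptions constructed for illustration.

```python
import ipaddress

def _is_trusted(addr, networks):
    """True if addr parses as an IP inside one of the trusted networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in networks)

def resolve_client_ip(peer, xff, trusted_sources, recursive=False):
    """Pick the address to log for one request.

    peer            -- address of the TCP connection (what the logs show today)
    xff             -- raw X-Forwarded-For value, or None
    trusted_sources -- proxy addresses/CIDRs allowed to supply the header
    recursive       -- walk the header right to left past trusted proxies
    """
    networks = [ipaddress.ip_network(s, strict=False) for s in trusted_sources]
    # The header is client-controlled unless the connection comes from a listed proxy.
    if not xff or not _is_trusted(peer, networks):
        return peer
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    if not hops:
        return peer
    candidate = hops[-1]  # non-recursive: the entry appended by the nearest proxy
    if recursive:
        # Skip entries written by trusted proxies; stop at the first untrusted one.
        candidate = next(
            (h for h in reversed(hops) if not _is_trusted(h, networks)), hops[0])
    try:
        ipaddress.ip_address(candidate)
    except ValueError:
        return peer  # malformed entry: fall back to the connection address
    return candidate

# Constructed sample requests: (peer, X-Forwarded-For, trusted sources, recursive)
SAMPLES = [
    ("172.18.0.6", "203.0.113.7", ["172.18.0.6"], False),            # via the proxy
    ("::1", None, ["172.18.0.6"], False),                            # local healthcheck
    ("198.51.100.9", "10.0.0.1", ["172.18.0.6"], False),             # direct, forged header
    ("172.18.0.6", "10.0.0.1, 203.0.113.7", ["172.18.0.6"], False),  # forged entry prepended
    ("172.18.0.6", "203.0.113.7, 172.18.0.5", ["172.18.0.0/16"], True),  # two proxy hops
]

def run_samples():
    return [resolve_client_ip(*sample) for sample in SAMPLES]

if __name__ == "__main__":
    for sample, logged in zip(SAMPLES, run_samples()):
        print(sample[0], repr(sample[1]), "->", logged)
```

The third and fourth samples show why the proxy list matters: without it, any client could choose the address that ends up in the access log.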
