Traefik/Nextcloud 未获取远程 IP 地址
Traefik/Nextcloud not obtaining remote IP address
我正在查看日志 files/database,我注意到当我尝试手动启动 nextcloud 暴力破解保护时,它记录的是 docker 网络的 IP 和子网,而不是 IP我访问登录页面的地址(具体为 192.168.192.1 和 192.168.192.1/32)
我不知道我的 traefik 或 Nextcloud compose 文件是否配置不正确,或者 docker 网络是否有其他问题,但我不经意地希望它检测到的实际 IP 地址尝试登录的用户,而不是内部 docker IP 信息。我想我应该从这里开始,看看在寻找其他地方之前是否能得到任何反馈。
traefik docker-compose.yml: https://pastebin.com/rjFA5ZBi
version: '3.3'
services:
traefik:
image: traefik:latest
container_name: traefik
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${USERDIR}/traefik/traefik.toml:/traefik.toml
- ${USERDIR}/traefik/acme.json:/acme.json
- /var/log/traefik:/var/log
networks:
- proxy
ports:
- 80:80
- 443:443
expose:
- 8080
command:
- --accessLog.filePath=/var/log/access.log
- --accessLog.filters.retryAttempts=true
- --accessLog.filters.minDuration=10ms
- --accessLog.filters.statusCodes=400-499
restart: always
networks:
proxy:
external: true
Nextcloud docker-compose.yml: https://pastebin.com/CjTYBZm6
db:
image: mariadb
container_name: nextcloud-mariadb
environment:
- PUID=1000
- PGID=1000
- TZ=${TZ}
networks:
- proxy
volumes:
- ${USERDIR}/mysql:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
environment:
- MYSQL_ROOT_PASSWORD=Win!
- MYSQL_PASSWORD=Win!
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
restart: unless-stopped
nextcloud:
image: linuxserver/nextcloud
container_name: nextcloud
environment:
- PUID=1000
- PGID=1000
- TZ=${TZ}
depends_on:
- db
volumes:
- /mnt/raid/nextcloud:/data
- ${USERDIR}/nextcloud:/config
#- ${USERDIR}/nextcloud:/var/www/html
#- ${USERDIR}/nextcloud/app/config:/var/www/html/config
#- ${USERDIR}/nextcloud/app/custom_apps:/var/www/html/custom_apps
#- ${USERDIR}/nextcloud/app/themes:/var/www/html/themes
- /etc/localtime:/etc/localtime:ro
labels:
- traefik.enable=true
- traefik.backend=nextcloud
- traefik.frontend.rule=Host:upload.${DOMAIN}
- traefik.docker.network=proxy
- traefik.basic.protocol=https
- traefik.port=443
- traefik.frontend.redirect.permanent=true
- traefik.frontend.redirect.regex= https://(.*)/.well-known/(card|cal)dav
- traefik.frontend.redirect.replacement=https://$/remote.php/dav/
- traefik.frontend.headers.SSLRedirect=true
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.contentTypeNosniff=true
- traefik.frontend.headers.forceSTSHeader=true
- traefik.frontend.headers.SSLHost=example.com
- traefik.frontend.headers.STSIncludeSubdomains=true
- traefik.frontend.headers.STSPreload=true
- traefik.frontend.headers.frameDeny=true
networks:
- proxy
expose:
- 443
restart: unless-stopped
Traefik toml:https://pastebin.com/cDUxQaLb
#logLevel = "DEBUG"
logLevel = "INFO" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC"
################################################################
defaultEntryPoints = ["http", "https"]
InsecureSkipVerify = true
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.forwardedHeaders]
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.forwardedHeaders]
[entryPoints.https.tls]
[web]
address = ":8080"
################################################################
# Docker configuration backend
################################################################
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "xxxx.xxxxx"
watch = true
exposedbydefault = false
[acme]
email = "xxxx"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"
欢迎任何帮助!!
已售出 -
config.php 下一个云需要 trusted_proxy
"trusted_proxies" => ['10.0.0.1'],
添加后,客户端 IP 地址最终被中继。
我正在查看日志 files/database,我注意到当我尝试手动启动 nextcloud 暴力破解保护时,它记录的是 docker 网络的 IP 和子网,而不是 IP我访问登录页面的地址(具体为 192.168.192.1 和 192.168.192.1/32)
我不知道我的 traefik 或 Nextcloud compose 文件是否配置不正确,或者 docker 网络是否有其他问题,但我不经意地希望它检测到的实际 IP 地址尝试登录的用户,而不是内部 docker IP 信息。我想我应该从这里开始,看看在寻找其他地方之前是否能得到任何反馈。
traefik docker-compose.yml: https://pastebin.com/rjFA5ZBi
version: '3.3'
services:
traefik:
image: traefik:latest
container_name: traefik
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${USERDIR}/traefik/traefik.toml:/traefik.toml
- ${USERDIR}/traefik/acme.json:/acme.json
- /var/log/traefik:/var/log
networks:
- proxy
ports:
- 80:80
- 443:443
expose:
- 8080
command:
- --accessLog.filePath=/var/log/access.log
- --accessLog.filters.retryAttempts=true
- --accessLog.filters.minDuration=10ms
- --accessLog.filters.statusCodes=400-499
restart: always
networks:
proxy:
external: true
Nextcloud docker-compose.yml: https://pastebin.com/CjTYBZm6
db:
image: mariadb
container_name: nextcloud-mariadb
environment:
- PUID=1000
- PGID=1000
- TZ=${TZ}
networks:
- proxy
volumes:
- ${USERDIR}/mysql:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
environment:
- MYSQL_ROOT_PASSWORD=Win!
- MYSQL_PASSWORD=Win!
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
restart: unless-stopped
nextcloud:
image: linuxserver/nextcloud
container_name: nextcloud
environment:
- PUID=1000
- PGID=1000
- TZ=${TZ}
depends_on:
- db
volumes:
- /mnt/raid/nextcloud:/data
- ${USERDIR}/nextcloud:/config
#- ${USERDIR}/nextcloud:/var/www/html
#- ${USERDIR}/nextcloud/app/config:/var/www/html/config
#- ${USERDIR}/nextcloud/app/custom_apps:/var/www/html/custom_apps
#- ${USERDIR}/nextcloud/app/themes:/var/www/html/themes
- /etc/localtime:/etc/localtime:ro
labels:
- traefik.enable=true
- traefik.backend=nextcloud
- traefik.frontend.rule=Host:upload.${DOMAIN}
- traefik.docker.network=proxy
- traefik.basic.protocol=https
- traefik.port=443
- traefik.frontend.redirect.permanent=true
- traefik.frontend.redirect.regex= https://(.*)/.well-known/(card|cal)dav
- traefik.frontend.redirect.replacement=https://$/remote.php/dav/
- traefik.frontend.headers.SSLRedirect=true
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.contentTypeNosniff=true
- traefik.frontend.headers.forceSTSHeader=true
- traefik.frontend.headers.SSLHost=example.com
- traefik.frontend.headers.STSIncludeSubdomains=true
- traefik.frontend.headers.STSPreload=true
- traefik.frontend.headers.frameDeny=true
networks:
- proxy
expose:
- 443
restart: unless-stopped
Traefik toml:https://pastebin.com/cDUxQaLb
#logLevel = "DEBUG"
logLevel = "INFO" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC"
################################################################
defaultEntryPoints = ["http", "https"]
InsecureSkipVerify = true
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.forwardedHeaders]
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.forwardedHeaders]
[entryPoints.https.tls]
[web]
address = ":8080"
################################################################
# Docker configuration backend
################################################################
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "xxxx.xxxxx"
watch = true
exposedbydefault = false
[acme]
email = "xxxx"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"
欢迎任何帮助!!
已售出 -
config.php 下一个云需要 trusted_proxy
"trusted_proxies" => ['10.0.0.1'],
添加后,客户端 IP 地址最终被中继。