Nginx behind Traefik Docker Swarm mode real ip

This issue was discussed on github #614.

When the upstream service receives requests forwarded from Traefik, the X-Forwarded-For header contains an IP address from the overlay network, not the actual client address.

To overcome this, you can use the new way of declaring service ports in docker-compose >=3.2 (LONG SYNTAX).

Then you ensure that traefik is attached to host network and will send the right X-Forwarded-For header (see below mode: host for the 80 port):

version: "3.2"services:  traefik:    ...    ports:      - "8080:8080"      - target: 80        published: 80        protocol: tcp        mode: host      - "443:443"    ...

Finally, you have to change the nginx log_format in the http {} section. That can be done through volume binding of a nginx.conf configuration file:

nginx:  ..  volumes:    - /data/nginx/nginx.conf:/etc/nginx/nginx.conf

you'd have nginx.conf with this:

http {  ...  log_format main '$http_x_forwarded_for - $remote_user [$time_local] '  '"$request" $status $body_bytes_sent "$http_referer" '  '"$http_user_agent"' ;

Tested on an AWS ec2, the traefik_nginx service (I called my stack traefik) logs like this:

$ docker service logs -f traefik_nginx...traefik_nginx.1.qpxyjheql5uk@xxx    | 82.253.xxx.xxx - - [20/Jun/2017:08:46:51 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.104 Safari/537.36"