No traffic on lxdbr0 if proxy_protocol=True on proxy devices

Hi there!
I followed the instructions to set up my reverse proxy in a lxd container:
Guide to reverse proxy setup
I enabled the devices like this:

lxc config device add proxy myport80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80 proxy_protocol=true
lxc config device add proxy myport443 proxy listen=tcp:0.0.0.0:443 connect=tcp:127.0.0.1:443 proxy_protocol=true

Without the proxy_protocol flag the network flow (tcpdump) from
eno0 <–> lxdbr0 <–> proxy container <–> webservices_containers

works like a charm but: The real IPs / remote IPs are not handed over to the proxy and also not to the lxdbr0 from eno0, so there is only localhost or the container IP visible with tcpdump and subsequently in the headers.

With the protocol enabled I can see no flow between eno0 and lxdbr0 …

Any hints how to set this up properly so that the remote IPs are handed over?

Hi!

That tutorial is from five years ago and since then this forum has switched to supporting Incus. It’s quite easy to migrate, Migrating from LXD - Incus documentation. Then, the commands are mostly the same. You replace lxc with incus.

Speaking of old tutorials, I should contact Linode to update the tutorial for Incus.

So best to migrate and try the same again?

Yes. Also, start a new thread if the issue persists.

Note that the way the PROXY protocol works, is that it adds extra bytes at the start of each connection, and in those bytes it has the information of the originator IP address. This means that you need to make sure that all relevant services are aware of the PROXY protocol. That is, Incus will be adding the extra bytes and then the nginx service in the proxy container will be processing/removing those extra bytes before handing over the connection to the destination container.

Thanks, I'll give it a shot:
You mean this:

Like:

http {
    #...
    server {
        listen 80   proxy_protocol;
        listen 443  ssl proxy_protocol;
        #...
    }
}

Okay, I managed to migrate my containers to Incus. Now the picture is the same:
If I add proxy_protocol=true to my proxy device, it is loading forever. It seems that I can reach the proxy container, but when I curl it I get 400 Bad request.
Removing it fixes the issue, but then the real IP addresses are not handed over (as far as I see)…

Besides:
I installed nginx proxy manager via docker inside an alpine 3.20 container…

nginx-proxy-manager creates a Docker container with nginx to be used as a reverse-proxy.
You can also perform this task manually, as described in the tutorial, with far fewer resources.

Therefore, start a new discussion thread, and focus on what needs to be achieved. As a group, the aim is to produce material that when, in the future, someone else reads this, they will find something useful for their case as well when using Incus.


As an aside: you could instead set NAT mode for the proxy device, then you wouldn’t need proxy_protocol at all; the container would just see the incoming connection from the external IP address.

This is an incus feature; I don’t know if it exists in lxd.

The main downside is that you have to specify the external IP address that is used for accepting incoming connections - i.e. you can’t bind the proxy to 0.0.0.0. Hence this won’t work if your host has a dynamic outside IP address.

Hey there!
Thanks for the advice here! I managed to set up the reverse proxy as described in the tutorial (and as simos advised me) – it works very well. And besides: Running the nginx proxy inside an alpine container is astonishing: I mean my server is not under heavy load (only about 30 users using it frequently) but the reverse proxy only uses ~10MB memory and more or less no CPU! Crazy… Thanks for the help and good advice here – especially the two veteran specialists here – I guess without them 90% of our containers and projects won't run :wink: