Stop losing people IP address in containers #12

Closed
opened 2020-07-06 06:54:07 +00:00 by quentin · 1 comment
Owner

Inside containers, we only see one IP address: 172.17.0.1.
It is not normal behavior.
I don't quite understand why/how the interaction with Nomad can lead to such a situation. Some links to help diagnose the problem:

  • https://windsock.io/the-docker-proxy/
  • http://rabexc.org/posts/docker-networking

My hypothesis:

  • For some reason, the iptables routing is broken
  • We then fall back to docker-proxy, which is... in fact a proxy, and it is its address we see.
  • Maybe we should switch to docker.io

As of now, the following negative impacts have been seen:

  • Broken ratelimiting on Dovecot usage
  • Broken ban on Nextcloud connection failure
Author
Owner

The problem is not with docker-proxy.
We should use X-Forwarded-For and find a solution with Dovecot.
Closing for now.

This repo is archived. You cannot comment on issues.
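An added example, not code from this issue or from the Deuxfleurs infrastructure: one way an HTTP service behind the bridge can recover the address to rate-limit or ban on from `X-Forwarded-For`. It assumes a reverse proxy in front of the container appends that header and that 172.17.0.1 is the only trusted hop; `client_ip`, `failures_by_key` and the sample events are hypothetical.

```python
import ipaddress
from collections import Counter

# Assumption: the Docker bridge gateway from the issue is the only trusted hop.
TRUSTED_PROXIES = [ipaddress.ip_network("172.17.0.1/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header=None):
    """Return the address to key rate limits and bans on."""
    current = ipaddress.ip_address(peer)
    if not _is_trusted(current) or not xff_header:
        # The header is never believed when it comes from an untrusted peer.
        return str(current)
    # Walk right to left: the rightmost entry was appended by the hop closest
    # to us; anything further left may have been supplied by the client.
    for entry in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(entry.strip())
        except ValueError:
            break  # malformed entry: keep the last address we could parse
        current = hop
        if not _is_trusted(hop):
            break
    return str(current)


# Constructed sample of failed logins as (peer, X-Forwarded-For); not real logs.
SAMPLE_FAILURES = [
    ("172.17.0.1", "198.51.100.7"),
    ("172.17.0.1", "10.9.9.9, 198.51.100.7"),  # first entry forged by client
    ("172.17.0.1", "203.0.113.20"),
    ("172.17.0.1", None),
]


def failures_by_key(events, use_header):
    """Count failures per ban key, with or without the header."""
    counts = Counter()
    for peer, xff in events:
        counts[client_ip(peer, xff) if use_header else peer] += 1
    return dict(counts)


if __name__ == "__main__":
    print(failures_by_key(SAMPLE_FAILURES, use_header=False))
    print(failures_by_key(SAMPLE_FAILURES, use_header=True))
```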
Reference: Deuxfleurs/infrastructure#12