[SOLVED] Any idea why IP's are local NAT 10.0.0.X?
I've got a docker swarm cluster running on Appwrite v1.3.8 and it's logging the NAT IP addresses (10.0.0.x) for everything. I'm trying to figure out why and how to fix it. Especially since this would affect rate limits.
There are several servers in the cluster running various parts of Appwrite. The best thought I have is it's some how getting the IPs from a docker network and the solution might have to do with which server is running the main appwrite monolith service.
Any ideas or thoughts on how to debug this?
Another thought I've had is it might be connected to how traefik is configured, but I think I had it configured the same when the IPs were being logged correctly.
What is that IP address? Some reverse proxy you have in front of Appwrite?
no reverse proxy is setup -- I guess the first thing is to figure out where the IP is coming from, but since I think it might be coming from a docker network I'm not as comfortable figuring that out.
The first step is to figure out what IP that is. You may have to inspect various docker networks or containers to see what has that IP
That IP is the up of whatever is sending network requests to traefik/Appwrite
My best theory is that I've got it mis-configured, so the entry point server isn't the one running traefik, so the request is forwarded from that server to the one running traefik.
It's the ingress-endpoint IP address. I found it by running docker network inspect ingress.
ingress-sbox I think is the container
So it's yours and trusted. So you can try configuring traefik to trust this IP address
Ya, I've had to add Cloudflare's IPs as trusted, so I think I just add this one as well. (I'm adding this text so it's easier to find for those searching how to make Cloudflare's IP addressed trusted, as in if all thier appwrite logs, activity, and history show cloudflare IP addresses that are the wrong IP address. You just google and find the cloudflare IPs and do what I did below to add them all separated by a comma and a space for the two traefik commands configs)
Yup, that fixed it!
Thanks!
For other's reference:
I got the full IP address by running docker network inspect ingress (ip with the /xx at the end)
Then I added it to the list of trusted IP addresses in my docker-compose.yml under the traefik command: cofigurations.
Specifically the below configs
--entrypoints.appwrite_web.forwardedHeaders.trustedIPs=
--entrypoints.appwrite_websecure.forwardedHeaders.trustedIPs=
Then I redeployed the docker swarm, and it fixed it.
[Resolved] Any idea why IP's are local NAT 10.0.0.X?
[SOLVED] Any idea why IP's are local NAT 10.0.0.X?
