Known issue with src_ip and TIBCO Mashery Local on Docker+Swarm
Article ID: KB0073553
Updated On:
| Products | Versions |
|---|---|
| TIBCO Cloud API Management - Local Edition | 5.x and above |
Description
#Issue
When a client sends a request to this cluster
- the ip address captured in the src_ip is not the clien'ts actual ip address.
-- but It is docker's 'ingress-sbox' ip address
#Observations
> This can be verified by running the below command on the docker node that received the request:
docker inspect ingress
> Because of this issue, IP-based connectors will not work as configured, as the incorrect src_ip is captured.
> If the client sends 'X-Forwarded-For' header with an ip-address, it will be captured instead.
#Reason
Here is the page where this issue is explained:
https://dev.to/sshivasurya/get-remote-ip-address-of-the-client-in-container-when-using-reverse-proxy-as-nginx-in-docker-swarm-43ie
When Docker Swarm acts as a Load Balancer, it does not add x-forwarded-for with the actual client ip.
When a client sends a request to this cluster
- the ip address captured in the src_ip is not the clien'ts actual ip address.
-- but It is docker's 'ingress-sbox' ip address
#Observations
> This can be verified by running the below command on the docker node that received the request:
docker inspect ingress
> Because of this issue, IP-based connectors will not work as configured, as the incorrect src_ip is captured.
> If the client sends 'X-Forwarded-For' header with an ip-address, it will be captured instead.
#Reason
Here is the page where this issue is explained:
https://dev.to/sshivasurya/get-remote-ip-address-of-the-client-in-container-when-using-reverse-proxy-as-nginx-in-docker-swarm-43ie
When Docker Swarm acts as a Load Balancer, it does not add x-forwarded-for with the actual client ip.
Issue/Introduction
This article discusses the known issue with the src_ip captured on a TIBCO Mashery Local cluster on Docker+Swarm.
Environment
Docker+Swarm
Resolution
Here are two workarounds for this behavior
W1) Have the client send the 'X-Forwarded-For' header with its IP Address
W2) Use a reverse proxy that can add the 'X-Forwarded-For' header based on the incoming client request.
for e.g: using the the below settings ApacheHTTP can be used for this:
-----------
ProxyPass /uri http://<TM/Master_HOST>/uri
ProxyPassReverse /uri http://<TM/Master_HOST>/uri
ProxyPreserveHost On
ProxyAddHeaders On
-----------------
W1) Have the client send the 'X-Forwarded-For' header with its IP Address
W2) Use a reverse proxy that can add the 'X-Forwarded-For' header based on the incoming client request.
for e.g: using the the below settings ApacheHTTP can be used for this:
-----------
ProxyPass /uri http://<TM/Master_HOST>/uri
ProxyPassReverse /uri http://<TM/Master_HOST>/uri
ProxyPreserveHost On
ProxyAddHeaders On
-----------------
Feedback
Yes
No
Powered by
