Greetings. Using the docs and forum I have set up an instance with an nginx proxy in front. These containers are on separate hosts.
router -> nginx proxy in a docker container -> peertube in a docker container
Nginx is set to forward the real IP address. Still peertube shows a docker IP. Any links explaining how to fix this? Details follows.
Peertube log:
[tv.users.no:443] 2024-04-12 11:02:38.754 info: 172.22.0.0 - - [12/Apr/2024:11:02:38 +0000] "GET / HTTP/1.0" 304 - "-" "Firefox"
[tv.users.no:443] 2024-04-12 11:02:38.857 info: 172.22.0.0 - - [12/Apr/2024:11:02:38 +0000] "GET /api/v1/config/ HTTP/1.0" 304 - "https://tv.users.no/" "Firefox"
[tv.users.no:443] 2024-04-12 11:02:38.860 info: 172.22.0.0 - - [12/Apr/2024:11:02:38 +0000] "GET /api/v1/videos/languages HTTP/1.0" 304 - "https://tv.users.no/" "Firefox"
[tv.users.no:443] 2024-04-12 11:02:38.862 info: 172.22.0.0 - - [12/Apr/2024:11:02:38 +0000] "GET /api/v1/oauth-clients/local HTTP/1.0" 304 - "https://tv.users.no/" "Firefox"
.env:
(These are probably not used, as I don’t run a webserver on the host where peertube is running)
PEERTUBE_WEBSERVER_HOSTNAME=tv.users.no
PEERTUBE_WEBSERVER_PORT=443
PEERTUBE_WEBSERVER_HTTPS=true
PEERTUBE_TRUST_PROXY=[« 127.0.0.1 », « loopback », « 172.0.0.0/8 », « 192.168.1.11 »]
My nginx log which shows correct IP:
157.111.111.7 - - [12/Apr/2024:11:02:38 +0000] "GET /api/v1/videos/languages HTTP/2.0" 304 0 "https://tv.users.no/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" "-"
157.111.111.7 - - [12/Apr/2024:11:02:38 +0000] "GET /api/v1/oauth-clients/local HTTP/2.0" 304 0 "https://tv.users.no/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" "-"
157.111.111.7 - - [12/Apr/2024:11:02:38 +0000] "GET /api/v1/videos/categories HTTP/2.0" 304 0 "https://tv.users.no/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" "-"
Nginx config:
# https://raw.githubusercontent.com/Chocobozzz/PeerTube/master/support/nginx/peertube
upstream backend {
server 192.168.1.5:9000;
}
server {
listen 8443 ssl http2;
listen [::]:8443 ssl http2;
server_name tv.users.no; ###
access_log logs/tv.users.no.access.log main;
include conf.d/default.include;
include conf.d/ssl.include;
client_body_buffer_size 10M;
client_max_body_size 10M;
##
# Application
##
location @api {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 100k; # default is 1M
proxy_connect_timeout 10m;
proxy_send_timeout 10m;
proxy_read_timeout 10m;
send_timeout 10m;
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
proxy_buffers 240 240k;
proxy_buffer_size 240k;
proxy_busy_buffers_size 240k;
proxy_pass http://backend;
}
location / {
try_files /dev/null @api;
}
location = ^/api/v1/videos/upload-resumable|([^/]+/source/replace-resumable))$ {
client_max_body_size 0;
proxy_request_buffering off;
try_files /dev/null @api;
}
location ~ ^/api/v1/videos/(upload|([^/]+/studio/edit))$ {
limit_except POST HEAD { deny all; }
# This is the maximum upload size, which roughly matches the maximum size of a video file.
# Note that temporary space is needed equal to the total size of all concurrent uploads.
# This data gets stored in /var/lib/nginx by default, so you may want to put this directory
# on a dedicated filesystem.
client_max_body_size 12G; # default is 1M
add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
try_files /dev/null @api;
}
location ~ ^/api/v1/runners/jobs/[^/]+/(update|success)$ {
client_max_body_size 12G; # default is 1M
add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
try_files /dev/null @api;
}
location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
client_max_body_size 6M; # default is 1M
add_header X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
try_files /dev/null @api;
}
##
# Websocket
##
location @api_websocket {
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
proxy_buffers 240 240k;
proxy_buffer_size 240k;
proxy_busy_buffers_size 240k;
proxy_pass http://backend;
}
location /socket.io {
try_files /dev/null @api_websocket;
}
location /tracker/socket {
# Peers send a message to the tracker every 15 minutes
# Don't close the websocket before then
proxy_read_timeout 15m; # default is 60s
try_files /dev/null @api_websocket;
}
# Plugin websocket routes
location ~ ^/plugins/[^/]+(/[^/]+)?/ws/ {
try_files /dev/null @api_websocket;
}
}