3

I want to use http://nginx.org/en/docs/http/ngx_http_realip_module.html which directs to enable --with-http_realip_module to use it.

I am using docker to use this nginx

FROM nginx:alpine

COPY default.conf /etc/nginx/conf.d/default.conf

Now how to enable this module in this docker? Can I pass some argument while docker run or I need to change dockerfile?

coderelliot
  • 421
  • 5
  • 15

1 Answers1

3

nginx is built with --with-http_realip_module by default.

you can verify whether the module is built by examine nginx:alpine docker images

$ docker run --rm nginx:alpine nginx -V
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
nginx version: nginx/1.19.6
built by gcc 9.3.0 (Alpine 9.3.0)
built with OpenSSL 1.1.1g  21 Apr 2020 (running with OpenSSL 1.1.1i  8 Dec 2020)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-perl_modules_path=/usr/lib/perl5/vendor_perl --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-Os -fomit-frame-pointer' --with-ld-opt=-Wl,--as-needed

as you can see --with-http_realip_module is there.

all you need to do, is to configure nginx appropriately (in nginx.conf)

for instance:

set_real_ip_from  192.168.1.0/24;
set_real_ip_from  192.168.2.1;
set_real_ip_from  2001:0db8::/32;
real_ip_header    X-Forwarded-For;
real_ip_recursive on;
Mr.
  • 9,429
  • 13
  • 58
  • 82
  • 2
    Ok. Got that. But then why in the official doc they have written this module is not built by default? https://nginx.org/en/docs/http/ngx_http_realip_module.html – coderelliot Jan 04 '21 at 11:17
  • @coderelliot: sorry, i had a typo. thank you for pointing it out, i have corrected it. i am glad it helped you :) – Mr. Jan 04 '21 at 12:55