x_forwarded_for header

[jsalatiel]

Hi bootc , thanks for this helm chart, it works great!

I have a question, though. If I remind correctly, old versions of netbox used to have nginx as a requirement for serving static content, but in this chart I have absolutely no idea how the content is served. I only see some unitd processes:

PID   USER     TIME  COMMAND
    1 1000      0:00 {unitd} unit: main v1.22.0 [unitd --no-daemon --control unix:/opt/unit/unit.sock --pid /opt/unit/unit.pid --log /dev/stdout --state /opt/unit/state/ --tmp /opt/unit/tmp/]
   15 1000      0:00 {unitd} unit: controller
   16 1000      0:00 {unitd} unit: router
   20 1000      0:04 {unitd} unit: "netbox" application
   46 1000      0:05 {unitd} unit: "netbox" application
   48 1000      0:05 {unitd} unit: "netbox" application

Anyways, my question is : Is there anyway to make the real client IP appears in the log files for this chart ?
In plain nginx I could just set some parameters and it would work. On this chart I have no idea how to make it work.

Thanks!

[bootc]

This is a limitation of netbox-docker, which now uses NGINX Unit. It looks like support for this is simply missing from NGINX Unit: nginx/unit#132. Sorry.

[jsalatiel]

@bootc Will you update to unit 1.25 to allow this ?

[bootc]

This needs to be fixed in netbox-docker, not in this chart, so you'd need to ask there. As of the quay.io/netboxcommunity/netbox:v3.0.2 image this includes Unit 1.23. It looks like the netbox-docker project just pulls Unit from Alpine, so we'll likely need to wait for Alpine 3.15 and then a netbox-docker release that updates the Alpine base image.

[jsalatiel]

Understood. Thanks!

[bootc]

I've created an issue (in netbox-docker) to update the NetBox Docker image with Alpine 3.15 (released earlier this week) which contains Unit 1.26: netbox-community/netbox-docker#654

[bootc]

NetBox 3.2.1 still appears to use Alpine 3.14, so this still isn't fixed.

[jsalatiel]

Any news?

[bootc]

We're almost there! The NetBox 3.2.6 container is now built from netbox-community/netbox-docker@2.0.0 and includes NGINX Unit 1.27.0.

In theory you should be able to pass a modified version of /etc/unit/nginx-unit.json which enables the functionality on the listener. I haven't yet tried this.

[jsalatiel]

I haven't been able to make it work :(

[RangerRick]

It looks like the current docker images are up to unit 1.32, is this still an issue?

[bootc]

I haven't tested this, but it should be OK with recent NetBox and the 5.0 chart, but you'll need to override the NGINX Unit configuration in the chart to include the necessary runes to enable it.

https://unit.nginx.org/configuration/#ip-protocol-forwarding
https://unit.nginx.org/news/2021/unit-1.25.0-released/