Christian Selig
@christianselig@mastodon.social  ·  activity timestamp 5 hours ago

Docker noob here. Anyone seeing Docker on Mac getting IPs completely mixed up, where destination IPs are getting assigned as the source IP? Isn't that like… a security issue? Or am I being a noob? (New Mac mini, new Docker install, no iCloud Private Relay, no VPN)

A Terminal showing setting up nginx and jellyfin as services in docker, then running docker, then making a request to nginx and it showing an incorrect IP address as the one making the request (not my local address) and instead it being from a random, public-facing Jellyfin IP
Christian Selig
@christianselig@mastodon.social replied  ·  activity timestamp 2 hours ago

Aaaannnd I switched to OrbStack instead of Docker and it just worked immediately. Seems to be this Docker bug, thanks for the OrbStack advice y'all https://github.com/docker/for-mac/issues/7824

hooliews
@hooliews@mastodon.social replied  ·  activity timestamp 2 hours ago

@christianselig unrelated but, what app do you use for annotating your screenshots?

Christian Selig
@christianselig@mastodon.social replied  ·  activity timestamp 2 hours ago

@hooliews Figma haha

Moritz
@preya@mastodon.social replied  ·  activity timestamp 3 hours ago

@christianselig This is expected in Docker Mac (it will work on Linux, not on Mac). You need to use “host” network mode if you want to see the real IP addresses. In the default docker bridge network you will not see the true origin IP. https://forums.docker.com/t/real-ip-addresses-in-the-log-nginx/138141/6

Christian Selig
@christianselig@mastodon.social replied  ·  activity timestamp 2 hours ago

@preya Yeah, I'd totally understand an internal Docker IP (they even document the range), the issue is that it's a public, existing IP that it encountered earlier and it's misrepresenting it as my source/local IP to all the other services in my container

Pink
@can@haz.pink replied  ·  activity timestamp 4 hours ago

@christianselig definitely looks very unusual. Maybe some environment variables for the docker compose stuff at play here? What happens if you just run an empty alpine nginx container (in a different directory) without the jellyfin stuff?

Christian Selig
@christianselig@mastodon.social replied  ·  activity timestamp 3 hours ago

@can I wish it was just nginx, it came up in conflict logs in other services, I just used nginx because it was a simple way to display the bug. This is also after a brand new Docker install

Running nginx alone is obviously fine, the issue is that Docker seemingly latches onto random IPs (like the Jellyfin one in this case, but I've seen it with others too) and it effectively becomes the internal/container IP for whatever reason

Dean Mayers
@deandmx@mastodon.social replied  ·  activity timestamp 4 hours ago

@christianselig treat yourself and use https://orbstack.dev/

Gavin Wiggins
@wigging@fosstodon.org replied  ·  activity timestamp 4 hours ago

@christianselig Use OrbStack for Docker stuff on the Mac https://orbstack.dev

Sylocule
@Sylocule@cyberplace.social replied  ·  activity timestamp 4 hours ago

@christianselig After you run the container, a unique string is displayed

docker inspect -f \
  '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' \
  <unique string from above>

Will show the container IP address

Christian Selig
@christianselig@mastodon.social replied  ·  activity timestamp 3 hours ago

@Sylocule For sure, the issue is that this isn't the container/internal IP address, it's a random public Jellyfin IP haha 167.71.248.173

Mikhail
@msaratov@infosec.exchange replied  ·  activity timestamp 5 hours ago

@christianselig The IP resolves to nyc2.mirror.jellyfin.org, but I can’t explain why either

Alex Gordienko
@alex@s.datais.me replied  ·  activity timestamp 5 hours ago

@christianselig I’m not a network guy but from what I remember there’s an internal Docker network that is being used by host/containers to communicate to each other

You can find the network details if you run $ docker inspect <container>

Christian Selig
@christianselig@mastodon.social replied  ·  activity timestamp 3 hours ago

@alex Yeah, I'd totally understand an internal Docker IP (they even document the range), the issue is that it's a public, existing IP that it encountered earlier

Graham Ballantyne
@gnb@mastodon.social replied  ·  activity timestamp 4 hours ago

@alex @christianselig usually that's a 172.x private IP.

I just tried Christian's exact config on Linux, and the nginx container logged the source IP as 172.19.0.1, which is my host's docker IP address

Alex Gordienko
@alex@s.datais.me replied  ·  activity timestamp 4 hours ago

@gnb @christianselig I did the same on Mac with Orbstack and got 192.168.147.2 for the container and 192.168.147.1 for its gateway. I guess it is controlled/configured by Docker engine?

Florian
@Typ0genius@mastodon.social replied  ·  activity timestamp 4 hours ago

@alex @gnb @christianselig Yes, this is controlled by the engine.

Graham Ballantyne
@gnb@mastodon.social replied  ·  activity timestamp 4 hours ago

@Typ0genius @alex @christianselig and configurable; the default 172 range conflicts with my work VPN so I had to change it when running Docker on Mac.
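
A way to check for the symptom discussed in this thread, added here as an example and not posted by any participant: scan nginx access-log lines and flag any client address that is not a private address, or that falls outside the bridge subnet you expect. The function names are hypothetical and the sample log lines are constructed, reusing addresses quoted in the thread.

```python
import ipaddress
import re

# Leading fields of nginx's default "combined" access-log format.
LOG_RE = re.compile(r'^(?P<addr>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} ')

# Constructed sample lines (not real log output).
SAMPLE = [
    '172.19.0.1 - - [01/Jan/2025:12:00:00 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/8.0"',
    '192.168.147.1 - - [01/Jan/2025:12:00:01 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/8.0"',
    '167.71.248.173 - - [01/Jan/2025:12:00:02 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/8.0"',
    'not an access log line',
]

def classify(addr, expected_nets=()):
    """Return 'expected', 'private', 'public' or 'unparseable' for a logged address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparseable"
    if any(ip in net for net in expected_nets):
        return "expected"
    return "private" if ip.is_private else "public"

def unexpected_sources(lines, expected_cidrs=()):
    """List (line number, address, kind) for every suspicious source address.

    Without expected_cidrs, any private address is accepted and public or
    unparseable ones are reported. With expected_cidrs (for example the bridge
    subnet shown by `docker inspect`), everything outside them is reported.
    """
    nets = [ipaddress.ip_network(c) for c in expected_cidrs]
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if m is None:
            findings.append((lineno, None, "unparseable"))
            continue
        kind = classify(m["addr"], nets)
        if kind == "expected" or (kind == "private" and not nets):
            continue
        findings.append((lineno, m["addr"], kind))
    return findings

if __name__ == "__main__":
    for finding in unexpected_sources(SAMPLE):
        print(finding)
```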
