Visitors origin IP not shown in audit log - dockerized installation #3905

Closed
opened 2026-02-05 07:49:28 +03:00 by OVERLORD · 6 comments
Owner

Originally created by @towerplease on GitHub (Jul 6, 2023).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

I use a dockerized installation, which I migrated 2 months ago from a classic installation.
Earlier, I used an nginx proxy to access BookStack and had added header-forward rules to the nginx proxy, so the origin IP was shown in the audit log.
After migration, I only see the docker-network gateway in the audit log. I guess I need to configure something similar in the docker network to get the real origin IP address?

Exact BookStack Version

23.06.1

Log Content

(screenshot: https://github.com/BookStackApp/BookStack/assets/21177236/73921b25-6764-4c0b-ad31-a0bc6702f9cf)

PHP Version

docker -> no idea which PHP version this uses

Hosting Environment

VPS with Ubuntu 22.04 and docker-compose (Portainer).
docker-compose.yml:

version: "2"
services:
  bookstack:
    image: lscr.io/linuxserver/bookstack
    container_name: bookstack
    environment:
      # Configuration via .env file in app_data/www/.env
      - PUID=1000
      - PGID=1000
      - APP_URL=https://doku.madgeeks.de
      - DB_HOST=bookstack_db
      - DB_PORT=3306
      - DB_USER=bookstack
      - DB_PASS=AAAAAAAAAAA
      - DB_DATABASE=bookstackapp
    volumes:
      - /mnt/docker/volume/bookstack/app_data:/config
    ports:
      - 6875:80
    restart: unless-stopped
    depends_on:
      - bookstack_db
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
  bookstack_db:
    image: lscr.io/linuxserver/mariadb
    container_name: bookstack_db
    environment:
      - PUID=1000
      - PGID=1000
      - MYSQL_ROOT_PASSWORD=AAAAAAAAAAA
      - TZ=Europe/Berlin
      - MYSQL_DATABASE=bookstackapp
      - MYSQL_USER=bookstack
      - MYSQL_PASSWORD=AAAAAAAAAAA
    volumes:
      - /mnt/docker/volume/bookstack/db_data:/config
    restart: unless-stopped
    labels:
      - "com.centurylinklabs.watchtower.enable=true"

OVERLORD added the 🐕 Support label 2026-02-05 07:49:28 +03:00
Author
Owner

@ssddanbrown commented on GitHub (Jul 6, 2023):

Hi @towerplease, a couple of questions:

  • Do you use Cloudflare in front of your instance?
  • Do you have any other proxies in front of your instance?

Additionally, if you are using it, I'd advise against using Watchtower to auto-update the BookStack or BookStack database containers.
If possible (I'm not familiar with Watchtower), have it just alert you so you can run the upgrade yourself.

Author
Owner

@towerplease commented on GitHub (Jul 6, 2023):

Hi @ssddanbrown

thanks for the fast reply.

Yeah, I use Cloudflare via cloudflared (also dockerized) with Cloudflare Tunnels. It's configured via Cloudflare Access. But I think I have no issue there, because cloudflared is routing without masquerading the origin IP. No other proxies are currently in between (except default docker routing from my home network to the docker IP -> 192.168.178.0/24 <-> 172.26.0.0/16).

As written, I think I need to "configure" the docker network to not masquerade the origin IP, if this is even possible(?).

Sure, I know the risk of auto-updating. But I have multiple backups:

  1. Watchtower updates once a week.
  2. Full Docker host backup every day.
  3. BookStack backup (via command line) also every day.

But thanks for the advice regarding auto-updates.

Author
Owner

@ssddanbrown commented on GitHub (Jul 6, 2023):

@towerplease Ah, okay, fair enough if you have solid backups. I just get nervous as I've seen a pattern of issues due to interrupted updates.

For the IP, it's hard to see where exactly things might be getting dropped, but I'll point to a couple of elements that may help:

  • We have an APP_PROXIES option, as can be seen here: https://github.com/BookStackApp/BookStack/blob/a9194ffb638464a7724244481df6cc3e129b9b92/.env.example.complete#L49-L55, which when configured can allow BookStack to take the IP from the "X-Forwarded-For" header, providing an alternative path of IP travel (would have to check if the other parts in play provide, or can provide, this).
  • With the linuxserver image you do get access to the nginx site config within the nginx path of the mounted container /config volume. If you can find a header with the right IP you could use nginx realip like shown in this Server Fault page: https://serverfault.com/questions/314574/nginx-real-ip-header-and-x-forwarded-for-seems-wrong

This linuxserver thread may also provide some extra clues: https://github.com/linuxserver/docker-bookstack/issues/172
Otherwise, I'm not too familiar with how docker networks themselves may interact with the incoming IP. I wouldn't have expected that to be an issue but it could totally depend on the type of networking at play.

Author
Owner

@towerplease commented on GitHub (Jul 6, 2023):

@ssddanbrown
It's alright; also this environment is private, just for me, so non-productive :) Otherwise, I am 100% with you: one should never have prod applications on auto-update.

I see, I have some configurable options within the mounted volume (nginx).

I will try some configuration in the next days and reply when I have found a solution :)

Thank you very much for providing support and the possible configs.

Author
Owner

@towerplease commented on GitHub (Jul 11, 2023):

Hey @ssddanbrown

I just want to let you know that the info you provided helped me to get it working.

What I changed:

I added APP_PROXIES in ".env" and configured my host IP and the Docker gateway IP -> 192.168.178.10,172.26.0.1

Then I added the following config in the nginx config inside the bookstack volume:

"nginx/site-confs/default.conf"

    proxy_set_header    X-Real-IP        $remote_addr;
    proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;

After that, I restarted the containers.

And it is working. Now my real IPv6/IPv4 address is shown in the audit log instead of the docker gateway.

Again, thank you very much for your help. Issue solved!

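The two comments above describe the mechanism that made the fix work: the app only believes X-Forwarded-For when the connection comes from an address listed in APP_PROXIES, and it then walks the header from the hop nearest the app outward. The following Python is an added illustration of that trusted-proxy rule, written for this thread; it is not BookStack's or Laravel's own code, and the proxy list (192.168.178.10,172.26.0.1, the values from the solution) and the sample requests are constructed. It shows why the audit log recorded the Docker gateway before APP_PROXIES was set, and why a client that talks to the app directly cannot plant a fake address in the log.

```python
"""
Trusted-proxy resolution of the client IP from X-Forwarded-For.

Added example (not BookStack's or Laravel's code). The proxy list below
mirrors the APP_PROXIES value from the thread; the requests are constructed.
"""
import ipaddress
from typing import List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_proxies(app_proxies: str) -> List[Network]:
    """Parse an APP_PROXIES-style value: comma-separated IPs or CIDR ranges."""
    nets = []
    for item in app_proxies.split(","):
        item = item.strip()
        if not item:
            continue
        # A bare address becomes a /32 (or /128) network; strict=False also
        # tolerates host bits set in a CIDR such as 172.26.0.1/16.
        nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def is_trusted(addr: str, proxies: List[Network]) -> bool:
    """True if addr parses as an IP and falls inside a trusted proxy range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in proxies)


def client_ip(remote_addr: str, xff_header: Optional[str],
              proxies: List[Network]) -> str:
    """
    Return the address an audit log should record for this request.

    remote_addr is the TCP peer the app's web server saw; in the dockerized
    setup from the thread that is the Docker gateway 172.26.0.1. Only when
    that peer is trusted is X-Forwarded-For consulted at all. The chain is
    then walked from the right (the hop closest to the app), skipping every
    trusted proxy; the first untrusted hop is the client.
    """
    if not is_trusted(remote_addr, proxies) or not xff_header:
        # Untrusted peer (or no header): anything it put in X-Forwarded-For
        # is ignored, so a direct client cannot forge its logged address.
        return remote_addr
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            # Malformed header: do not log garbage, fall back to the peer.
            return remote_addr
        if not is_trusted(hop, proxies):
            return hop
    # Every hop belonged to our own proxies; nothing better than the peer.
    return remote_addr


if __name__ == "__main__":
    trusted = parse_proxies("192.168.178.10,172.26.0.1")
    # Before APP_PROXIES was set: empty trust list, the gateway is logged.
    print(client_ip("172.26.0.1", "203.0.113.5, 192.168.178.10", []))
    # After: the gateway and host are trusted, the real client is logged.
    print(client_ip("172.26.0.1", "203.0.113.5, 192.168.178.10", trusted))
    # A direct, untrusted peer cannot spoof the log via the header.
    print(client_ip("198.51.100.7", "10.0.0.1", trusted))
```

Note the two conditions the nginx lines in the solution satisfy: the app-side nginx must forward X-Forwarded-For (otherwise the chain never reaches PHP), and APP_PROXIES must list every hop that appends to it, or the walk stops at that hop and logs it instead of the client. Listing a range that untrusted clients can reach directly would hand them control of the logged address, so the list should stay as narrow as the thread's two addresses.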
Author
Owner

@ssddanbrown commented on GitHub (Jul 11, 2023):

Good to hear you got things working, thanks for sharing the solution for your environment!

Reference: starred/BookStack#3905