Changes to Nginx configuration not being applied

I am using Sentry On-Premise with a container running Traefik in front of it to handle SSL termination and LetsEncrypt renewal.

Here is how I have modified the docker-compose.yml to do this:

    << : *restart_policy
    # Don't expose port since we are using Traefik
    #  - '9000:80/tcp'
    image: 'nginx:1.16'
      - type: bind
        read_only: true
        source: ./nginx
        target: /etc/nginx
      - web
      - relay
      - traefik.enable=true
      - traefik.http.routers.sentry.entrypoints=https
      - traefik.http.routers.sentry.rule=Host(``)
      - traefik.http.routers.sentry.tls=true
      - traefik.http.routers.sentry.tls.certresolver=letsencrypt

This means that the logs (viewed with docker-compose logs nginx) show the private IP of the Traefik container instead of the IP of the incoming request.

Since Traefik provides the X-Forwarded-For header, I tried to modify the Nginx configuration (in ./nginx/nginx.conf) as follows:

log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#  ...

proxy_set_header X-Real-IP $http_x_real_ip;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;

After making these changes, I ran ./ and docker-compose up -d.

The problem is that these changes don’t seem to have applied. When I view the logs, I still see the Traefik container’s address instead of the public IP, and when I make other changes to the log_format line to test, it doesn’t seem like they are taking effect.

Additionally, if I go into the container using docker-compose exec nginx bash, I can see that my changes are there (using cat /etc/nginx/nginx.conf).

So why aren’t my changes being applied?

Looking again, I see that the original log_format already included $http_x_forwarded_for at the end … but the question still remains, why isn’t my change being applied?

I figured out the problem - the log format is defined, but then not used anywhere!

Adding access_log /var/log/nginx/access.log main; fixes it.

1 Like