doh-httpproxy inside docker container: aiohttp_remotes.exceptions.UntrustedIP
Closed this issue · 2 comments
mritzmann commented
Hi! I'd like to use `doh-httpproxy` as a Docker container. My Dockerfile looks like this:
# Image used to reproduce the report: doh-httpproxy installed from the upstream git repository.
# NOTE(review): "latest" is a floating tag, so a rebuild can pull a different Python version.
FROM python:latest
# Refreshes and upgrades the distribution packages, installs dnsutils and git,
# then installs doh-proxy with pip straight from the GitHub repository.
# NOTE(review): the pip install names no tag or commit, so every build takes
# whatever the repository's default branch holds at that moment.
RUN apt-get update \
&& apt-get -y upgrade \
&& apt-get -y install dnsutils \
&& apt-get -y install git \
# && pip3 install doh-proxy \
&& pip3 install git+https://github.com/facebookexperimental/doh-proxy.git
EXPOSE 9000
# Binds to all interfaces inside the container so the published port can reach it.
# No --trusted flag is passed, so the proxy falls back to its default trusted
# reverse-proxy list; a proxy connecting from any other address is rejected.
# NOTE(review): there is no USER instruction, so the service runs as the image's
# default user (root for the official python image); confirm that is intended.
ENTRYPOINT [ "doh-httpproxy", "--upstream-resolver=8.8.8.8", "--port", "9000", "--listen-address", "0.0.0.0" ]
- Build with:
docker build . --tag doh
- Run with:
docker run -p 127.0.0.1:9000:9000 -it doh
In front of that I have an Nginx reverse proxy with HTTPS. If I now test this with `doh-stub`, I get the following error from `doh-httpproxy`:
root@doh01 /home/doh # docker run -p 127.0.0.1:9000:9000 -it doh
======== Running on http://0.0.0.0:9000 ========
(Press CTRL+C to quit)
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/aiohttp_remotes/x_forwarded.py", line 96, in middleware
ip = remote_ip(self._trusted, ips)
File "/usr/local/lib/python3.7/site-packages/aiohttp_remotes/utils.py", line 54, in remote_ip
check_ip(tr, ip)
File "/usr/local/lib/python3.7/site-packages/aiohttp_remotes/utils.py", line 67, in check_ip
raise UntrustedIP(ip, trusted)
aiohttp_remotes.exceptions.UntrustedIP: (IPv4Address('172.17.0.1'), [IPv6Address('::1'), IPv4Address('127.0.0.1')])
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.7/logging/__init__.py", line 983, in emit
msg = self.format(record)
File "/usr/local/lib/python3.7/logging/__init__.py", line 829, in format
return fmt.format(record)
File "/usr/local/lib/python3.7/logging/__init__.py", line 569, in format
record.message = record.getMessage()
File "/usr/local/lib/python3.7/logging/__init__.py", line 331, in getMessage
msg = msg % self.args
KeyError: 'expected'
Call stack:
File "/usr/local/bin/doh-httpproxy", line 11, in <module>
sys.exit(main())
File "/usr/local/lib/python3.7/site-packages/dohproxy/httpproxy.py", line 152, in main
app, host=args.listen_address, port=args.port, ssl_context=ssl_context)
File "/usr/local/lib/python3.7/site-packages/aiohttp/web.py", line 120, in run_app
loop.run_forever()
File "/usr/local/lib/python3.7/asyncio/base_events.py", line 523, in run_forever
self._run_once()
File "/usr/local/lib/python3.7/asyncio/base_events.py", line 1758, in _run_once
handle._run()
File "/usr/local/lib/python3.7/asyncio/events.py", line 88, in _run
self._context.run(self._callback, *self._args)
File "/usr/local/lib/python3.7/site-packages/aiohttp/web_protocol.py", line 390, in start
resp = await self._request_handler(request)
File "/usr/local/lib/python3.7/site-packages/aiohttp/web_app.py", line 366, in _handle
resp = await handler(request)
File "/usr/local/lib/python3.7/site-packages/aiohttp/web_middlewares.py", line 106, in impl
return await handler(request)
File "/usr/local/lib/python3.7/site-packages/aiohttp_remotes/x_forwarded.py", line 114, in middleware
exc.log(request)
File "/usr/local/lib/python3.7/site-packages/aiohttp_remotes/exceptions.py", line 94, in log
logger.error(msg, context, extra=extra)
Message: 'Untrusted IP: %(ip)s, trusted: %(expected)s'
Arguments: {'ip': IPv4Address('172.17.0.1'), 'trusted': [IPv6Address('::1'), IPv4Address('127.0.0.1')]}
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/aiohttp_remotes/x_forwarded.py", line 96, in middleware
ip = remote_ip(self._trusted, ips)
File "/usr/local/lib/python3.7/site-packages/aiohttp_remotes/utils.py", line 54, in remote_ip
check_ip(tr, ip)
File "/usr/local/lib/python3.7/site-packages/aiohttp_remotes/utils.py", line 67, in check_ip
raise UntrustedIP(ip, trusted)
aiohttp_remotes.exceptions.UntrustedIP: (IPv4Address('172.17.0.1'), [IPv6Address('::1'), IPv4Address('127.0.0.1')])
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.7/logging/__init__.py", line 983, in emit
msg = self.format(record)
File "/usr/local/lib/python3.7/logging/__init__.py", line 829, in format
return fmt.format(record)
File "/usr/local/lib/python3.7/logging/__init__.py", line 569, in format
record.message = record.getMessage()
File "/usr/local/lib/python3.7/logging/__init__.py", line 331, in getMessage
msg = msg % self.args
KeyError: 'expected'
Call stack:
File "/usr/local/bin/doh-httpproxy", line 11, in <module>
sys.exit(main())
File "/usr/local/lib/python3.7/site-packages/dohproxy/httpproxy.py", line 152, in main
app, host=args.listen_address, port=args.port, ssl_context=ssl_context)
File "/usr/local/lib/python3.7/site-packages/aiohttp/web.py", line 120, in run_app
loop.run_forever()
File "/usr/local/lib/python3.7/asyncio/base_events.py", line 523, in run_forever
self._run_once()
File "/usr/local/lib/python3.7/asyncio/base_events.py", line 1758, in _run_once
handle._run()
File "/usr/local/lib/python3.7/asyncio/events.py", line 88, in _run
self._context.run(self._callback, *self._args)
File "/usr/local/lib/python3.7/site-packages/aiohttp/web_protocol.py", line 390, in start
resp = await self._request_handler(request)
File "/usr/local/lib/python3.7/site-packages/aiohttp/web_app.py", line 366, in _handle
resp = await handler(request)
File "/usr/local/lib/python3.7/site-packages/aiohttp/web_middlewares.py", line 106, in impl
return await handler(request)
File "/usr/local/lib/python3.7/site-packages/aiohttp_remotes/x_forwarded.py", line 114, in middleware
exc.log(request)
File "/usr/local/lib/python3.7/site-packages/aiohttp_remotes/exceptions.py", line 95, in log
logger.error(msg, context, extra=extra)
Message: 'Untrusted IP: %(ip)s, trusted: %(expected)s'
Arguments: {'ip': IPv4Address('172.17.0.1'), 'trusted': [IPv6Address('::1'), IPv4Address('127.0.0.1')]}
I am not good at Python, but the following seems to be important to me:
aiohttp_remotes.exceptions.UntrustedIP: (IPv4Address('172.17.0.1'), [IPv6Address('::1'), IPv4Address('127.0.0.1')])
aiohttp only allows requests from localhost.
Is this a bug in `doh-httpproxy` or a configuration error of mine?
chantra commented
From the `doh-httpproxy -h` help page:
--trusted [TRUSTED [TRUSTED ...]]
Trusted reverse proxy list separated by space ['::1',
'127.0.0.1']. If you do not want to add a trusted
trusted reverse proxy, just specify this flag with
empty parameters.
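From your error message, I would guess the incoming query from your reverse proxy arrives from 172.17.0.1. You should whitelist it by passing it with the `--trusted` flag. Keep that list limited to the address your reverse proxy actually connects from, because the proxy accepts forwarded client-address headers from every address on it.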
mritzmann commented
Oops, thanks!