Ingress-nginx: X-Origin-Forwarded-For and X-Forwarded-For

Created on 6 Dec 2018 · 12 Comments · Source: kubernetes/ingress-nginx

Currently my network scheme looks like this:

cloudflare->nginx load balancer-(proxy protocol)->nginx ingress controller->application

When I look at the headers inside my app, I see something like this:

{
  "headers": {
    "host": "myapp.mydomain.com",
    "x-request-id": "370a2f0126e4b85176f4370e2cc5b836",
    "x-real-ip": "162.158.89.140",
    "x-forwarded-for": "162.158.89.140",
    "x-forwarded-host": "myapp.mydomain.com",
    "x-forwarded-port": "80",
    "x-forwarded-proto": "https",
    "x-original-uri": "/request",
    "x-scheme": "https",
    "x-original-forwarded-for": "1.1.1.1",
    "accept-encoding": "gzip",
    "cf-ipcountry": "RU",
    "cf-visitor": "{\"scheme\":\"https\"}",
    "upgrade-insecure-requests": "1",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36",
    "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
    "accept-language": "ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7",
    "cf-connecting-ip": "1.1.1.1"
  }
}

My problem is that the app can't parse any headers except X-Forwarded-For, which contains Cloudflare's IP.
I tried to set "compute-full-forwarded-for" to true, but got two IPs (client and Cloudflare).
I tried to use a custom headers ConfigMap with X-Forwarded-For, but got two IPs again.

How can I get the X-Original-Forwarded-For or Cf-Connecting-Ip value in X-Forwarded-For?

All 12 comments

I've checked it before asking the question and don't understand how it should help me.

When I set forwarded-for-header: CF-Connecting-IP, X-Forwarded-For still contains only the Cloudflare IP.

As I see, I need to use a custom nginx template with a modified map:

map '' $the_real_ip {
{{ if $cfg.UseProxyProtocol }}
    # Get IP address from Proxy Protocol
    default          $http_cf_connecting_ip;
{{ else }}
    default          $remote_addr;
{{ end }}
}

Is this the correct solution?

So, what is the solution?

As I see, I need to use a custom nginx template with a modified map:

map '' $the_real_ip {
{{ if $cfg.UseProxyProtocol }}
    # Get IP address from Proxy Protocol
    default          $http_cf_connecting_ip;
{{ else }}
    default          $remote_addr;
{{ end }}
}

Is this the correct solution?

This one.

Thanks @yadvlz

why is this closed? I looked at the docs and the default setting for forwarded-for-header is X-Forwarded-For which is not working. Is the official solution to use a custom nginx template or can this be fixed?

Closing. Please check https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#forwarded-for-header

Setting use-forwarded-headers: 'true' is the solution; it is false by default.
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-forwarded-headers

@gxthrj That doesn't change the outcome, see #4401

As far as I understand, the only solution is using a modified nginx.tmpl.
Very sad.

The documentation is not clear to me, so I finally checked the sources, and the interesting condition is here:
https://github.com/kubernetes/ingress-nginx/blob/nginx-0.30.0/rootfs/etc/nginx/template/nginx.tmpl#L1130

According to that, I set

compute-full-forwarded-for: "true"
use-forwarded-headers: "true"

and it works for me
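
With compute-full-forwarded-for enabled, the application receives a chain of addresses (client and Cloudflare, as reported in the question), so it has to choose which entry to believe. The sketch below is an added example, not code from this thread or from ingress-nginx: it walks X-Forwarded-For from right to left and returns the first hop that is not a trusted proxy, so entries a client prepends are ignored. The function names and the trusted ranges are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the proxy address shown in the thread's headers, plus an
# assumed internal range for the load balancer / ingress controller hop.
# A real deployment lists its own proxy ranges here.
TRUSTED_PROXIES = [
    ipaddress.ip_network("162.158.89.140/32"),
    ipaddress.ip_network("10.0.0.0/8"),
]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True when addr falls inside one of the trusted proxy networks."""
    return any(addr in net for net in trusted)


def client_ip(remote_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the first hop, counted from the TCP peer, that is not trusted.

    Each proxy appends the address it saw to the right of X-Forwarded-For, so
    the header is read right to left. Anything left of the first untrusted
    hop was supplied by that hop and is ignored.
    """
    peer = ipaddress.ip_address(remote_addr)
    if not is_trusted(peer, trusted):
        # Connection did not come through a known proxy: ignore the header.
        return str(peer)
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    candidate = peer
    for raw in reversed(hops):
        try:
            candidate = ipaddress.ip_address(raw)
        except ValueError:
            # Malformed entry: stop and keep the last address that validated.
            break
        if not is_trusted(candidate, trusted):
            return str(candidate)
    # Every hop was a trusted proxy (or the header was empty/malformed).
    return str(candidate)


if __name__ == "__main__":
    # Chain as seen with compute-full-forwarded-for (constructed peer address).
    print(client_ip("10.0.0.5", "1.1.1.1, 162.158.89.140"))
    # Same request with a client-supplied entry prepended on the left.
    print(client_ip("10.0.0.5", "9.9.9.9, 1.1.1.1, 162.158.89.140"))
```
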
