How to restore original client IP from Cloudflare with NGINX ingress controller
Problem description
I'm using Cloudflare as a CDN, and it's hiding the real IP address for the clients. I'm using an NGINX ingress controller as a load balancer running in Google Kubernetes Engine. So I'm trying to restore the original IP address and trying to follow this link: https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx- How can I implement this in the ConfigMap for my NGINX ingress, since I need multiple values for the same key "set-real-ip-from"?
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingressname
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/session-cookie-name: "route"
    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
spec:
  tls:
  - hosts:
    - example.com
    secretName: sslcertificate
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          serviceName: service
          servicePort: 80
        path: /
Recommended answer
I also had this problem and it took me forever to fix but apparently all I needed was this configuration:
apiVersion: v1
data:
  # Cloudflare IP ranges which you can find online
  proxy-real-ip-cidr: "173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32"
  # This is the important part
  use-forwarded-headers: "true"
  # Still works without this line because it defaults to X-Forwarded-For, but I use it anyways
  forwarded-for-header: "CF-Connecting-IP"
kind: ConfigMap
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
IMO this is all really unclear from the documentation. I had to search through tons of issues and the actual template file itself to figure it out.
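An added example, not part of the original answer: a simplified Python model of the trust decision this ConfigMap sets up, assuming `proxy-real-ip-cidr` is the list of peers allowed to supply the client address and `forwarded-for-header` names the header read from them. The function names and the sample requests are constructed for illustration; this is not the controller's code.

```python
import ipaddress

# proxy-real-ip-cidr exactly as given in the ConfigMap above.
PROXY_REAL_IP_CIDR = "173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32"


def parse_trusted(cidr_csv):
    """Parse the comma-separated value; raises ValueError on a malformed CIDR."""
    return [ipaddress.ip_network(c.strip()) for c in cidr_csv.split(",") if c.strip()]


def effective_client_ip(peer_ip, headers, trusted, header_name="CF-Connecting-IP"):
    """Return the address the backend should treat as the client.

    The header is honoured only when the TCP peer lies inside a trusted range.
    Without that check, anyone who can reach the ingress directly could send
    a forged header and choose the IP that ends up in logs and ACL decisions.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted):
        return str(peer)  # untrusted source: ignore whatever the header says
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get(header_name.lower(), "").strip()
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return str(peer)  # header missing or malformed: keep the peer address


if __name__ == "__main__":
    trusted = parse_trusted(PROXY_REAL_IP_CIDR)
    # Constructed sample requests: (TCP peer, request headers).
    samples = [
        ("104.16.1.1", {"CF-Connecting-IP": "203.0.113.7"}),    # peer in a listed range
        ("198.51.100.9", {"CF-Connecting-IP": "203.0.113.7"}),  # direct hit, forged header
        ("2606:4700::1", {"cf-connecting-ip": "2001:db8::5"}),  # IPv6 peer in a listed range
        ("173.245.48.10", {"CF-Connecting-IP": "not-an-ip"}),   # trusted peer, bad value
    ]
    for peer, hdrs in samples:
        print(f"{peer:>15} -> {effective_client_ip(peer, hdrs, trusted)}")
```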