stackoom
  简体   繁体   中英

How to forward client IP address from CloudFlare to Kubernetes NGINX ingress controller?

 原文  2022-09-05 10:26:46       nginx/ kubernetes/ cloudflare/ nginx-ingress/ ingress-controller

Question

I'm using CloudFlare as DNS server for the system and need of whitelist IP for some domains of the system. I managed to do this but when I enable Proxy status feature for domain on CloudFlare I get 403 Forbidden error because CloudFlare forwards its own IP for ingress instead of client IP address.
I found a tutorial here .
Is there any other way to solve this problem?
Here is the CloudFlare configuration.

在此处输入图像描述

Here is the ingress configuration.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: admin-ingress
  namespace: machine-learning
  labels:
    app.kubernetes.io/managed-by: Helm
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/whitelist-source-range: 184.90.9.99,183.88.6.88
spec:
  rules:
    - host: "admin.xxx.com"
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: admin-service
                port:
                  name: http

And this is the error I get

在此处输入图像描述

Any contribution is greatly appreciated.
Best regards,

2 answers

solution1
 0  2022-09-05 11:30:53

Please add this line real_ip_header CF-Connecting-IP; in your Nginx config file to forward the original client IP address to the server.

solution2
 0  2022-09-06 03:16:06

try this https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#configuration-snippet

nginx.ingress.kubernetes.io/configuration-snippet: |
  real_ip_header CF-Connecting-IP;

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to create reverse proxy that forward traffic to kubernetes ingress controller such as haproxy ingress or nginx ingress nginx ingress controller forward source ip How to reference the EXTERNAL-IP from ingress-nginx-controller in a kubernetes deployment specification? Preserve client IP address without setting externalTrafficPolicy=Local using nginx ingress controller for further IP whitelisting How to access MySql hosted with Nginx Ingress+Kubernetes from client How to append Nginx IP to X-Forwarded-For in Kubernetes Nginx Ingress Controller Ingress-Nginx w/ Kubernetes not getting IP address Configuring Static IP address with Ingress Nginx Sticky Session on Azure Kubernetes kubernetes ingress controller with cluster ip service and default nginx not working as expected How to stop the client IP address getting lost in a Cloudflare/Docker/NGINX/LAMP site?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM