docker - How to restore the original client IP from Cloudflare with the NGINX Ingress Controller

Tags: docker nginx kubernetes google-kubernetes-engine cloudflare

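I use Cloudflare as a CDN, which hides the client's real IP address.
I use the NGINX Ingress Controller as a load balancer running in Google Kubernetes Engine.
So I am trying to restore the original IP address and trying to follow this link: https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx-
How can I implement this in the NGINX Ingress configmap, since I need multiple values for the same key "set-real-ip-from"?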

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingressname
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/session-cookie-name: "route"
    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
spec:
  tls:
  - hosts:
    - example.com
    secretName: sslcertificate
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          serviceName: service
          servicePort: 80
        path: /

Best answer

I ran into this problem too, and it took me a long time to solve it, but apparently all I needed was this config:

apiVersion: v1
data:
  # Cloudflare IP ranges which you can find online
  proxy-real-ip-cidr: "173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32"
  # This is the important part
  use-forwarded-headers: "true"
  # Still works without this line because it defaults to X-Forwarded-For, but I use it anyways
  forwarded-for-header: "CF-Connecting-IP"
kind: ConfigMap
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

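IMO none of this is clear from the documentation. I had to search through a lot of issues and the actual template file itself to figure it out.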
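
The trust decision that proxy-real-ip-cidr and forwarded-for-header configure, as a simplified Python model added here for illustration (not code from the answer or from ingress-nginx): the header is honoured only when the TCP peer is inside a listed range, so a client that connects without going through Cloudflare cannot pick its own source address. The function names and sample addresses are constructed, and the CIDR list is shortened to three of the ranges from the ConfigMap above.

```python
import ipaddress

# Constructed sample: three of the ranges from proxy-real-ip-cidr above.
PROXY_REAL_IP_CIDR = "173.245.48.0/20,104.16.0.0/12,2606:4700::/32"
FORWARDED_FOR_HEADER = "CF-Connecting-IP"


def parse_cidrs(value):
    """Split a comma-separated CIDR list; a malformed entry raises ValueError."""
    return [ipaddress.ip_network(part.strip(), strict=True)
            for part in value.split(",") if part.strip()]


def is_trusted(peer, networks):
    """True when the TCP peer address falls inside one of the trusted ranges."""
    addr = ipaddress.ip_address(peer)
    return any(addr.version == net.version and addr in net for net in networks)


def resolve_client_ip(peer, headers, networks, header_name=FORWARDED_FOR_HEADER):
    """Return the address that logging, ACLs and rate limits should use."""
    # Untrusted peer: ignore the header entirely, whatever it claims.
    if not is_trusted(peer, networks):
        return peer
    lookup = {name.lower(): value for name, value in headers.items()}
    raw = lookup.get(header_name.lower(), "").strip()
    try:
        # Trusted peer: accept the header only if it is one valid IP address.
        return str(ipaddress.ip_address(raw))
    except ValueError:
        return peer  # header missing or malformed: keep the peer address


if __name__ == "__main__":
    nets = parse_cidrs(PROXY_REAL_IP_CIDR)
    # Request relayed by a listed proxy address: header is used.
    print(resolve_client_ip("173.245.48.10", {"CF-Connecting-IP": "203.0.113.7"}, nets))
    # Direct connection with a forged header: header is ignored.
    print(resolve_client_ip("198.51.100.9", {"CF-Connecting-IP": "10.0.0.1"}, nets))
```

A range that is wider than the proxy's real egress addresses turns the second case into the first, so the list should be kept in step with the ranges Cloudflare publishes.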

Regarding docker - How to restore the original client IP from Cloudflare with the NGINX Ingress Controller, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/56489147/
