问题一:nginx 做方向代理取到的客户端地址不正确
# http 模块下添加
real_ip_header X-Forwarded-For;
real_ip_recursive on;
set_real_ip_from 0.0.0.0/0;
# location 下添加
proxy_set_header Host $host; # 注意 host 根据需要换成你自己对应的域名
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
问题二:ingress-nginx-control 里面获取的 ip 地址不正确
通过 "容器服务 Kubernetes" -> "应用目录" 安装的 "ack-ingress-nginx" 缺少配置,导致 client ip 没有传入
参考官网文档:https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-forwarded-headers
解决办法: 添加 use-forwarded-headers: "true" 配置
kubectl get cm ack-ingress-nginx-intranet-controller -n infra -o yaml
apiVersion: v1
data:
allow-backend-server-header: "true"
enable-underscores-in-headers: "true"
generate-request-id: "true"
ignore-invalid-headers: "true"
log-format-upstream: $remote_addr - [$remote_addr] - $remote_user [$time_local]
"$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length
$request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length
$upstream_response_time $upstream_status $req_id $host
max-worker-connections: "65536"
proxy-body-size: 20m
proxy-connect-timeout: "10"
reuse-port: "true"
server-tokens: "false"
ssl-redirect: "false"
use-forwarded-headers: "true" # 添加的配置
worker-cpu-affinity: auto
kind: ConfigMap
metadata:
creationTimestamp: "2020-08-11T03:15:20Z"
labels:
app: ack-ingress-nginx
chart: ack-ingress-nginx-1.34.2
component: controller
heritage: Helm
release: ack-ingress-nginx-intranet
name: ack-ingress-nginx-intranet-controller
namespace: infra
resourceVersion: "459751552"
selfLink: /api/v1/namespaces/infra/configmaps/ack-ingress-nginx-intranet-controller
uid: 8ba30676-e0cb-4ed9-83c0-406322b5116b