問題一:nginx 做方向代理取到的客戶端地址不正確
# http 模塊下添加
real_ip_header X-Forwarded-For;
real_ip_recursive on;
set_real_ip_from 0.0.0.0/0;
# location 下添加
proxy_set_header Host $host; # 注意 host 根據需要換成你自己對應的域名
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
問題二:ingress-nginx-control 里面獲取的 ip 地址不正確
通過 "容器服務 Kubernetes" -> "應用目錄" 安裝的 "ack-ingress-nginx" 缺少配置,導致 client ip 沒有傳入
參考官網文檔:https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-forwarded-headers
解決辦法: 添加 use-forwarded-headers: "true" 配置
kubectl get cm ack-ingress-nginx-intranet-controller -n infra -o yaml
apiVersion: v1
data:
allow-backend-server-header: "true"
enable-underscores-in-headers: "true"
generate-request-id: "true"
ignore-invalid-headers: "true"
log-format-upstream: $remote_addr - [$remote_addr] - $remote_user [$time_local]
"$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length
$request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length
$upstream_response_time $upstream_status $req_id $host
max-worker-connections: "65536"
proxy-body-size: 20m
proxy-connect-timeout: "10"
reuse-port: "true"
server-tokens: "false"
ssl-redirect: "false"
use-forwarded-headers: "true" # 添加的配置
worker-cpu-affinity: auto
kind: ConfigMap
metadata:
creationTimestamp: "2020-08-11T03:15:20Z"
labels:
app: ack-ingress-nginx
chart: ack-ingress-nginx-1.34.2
component: controller
heritage: Helm
release: ack-ingress-nginx-intranet
name: ack-ingress-nginx-intranet-controller
namespace: infra
resourceVersion: "459751552"
selfLink: /api/v1/namespaces/infra/configmaps/ack-ingress-nginx-intranet-controller
uid: 8ba30676-e0cb-4ed9-83c0-406322b5116b