小贝子编程

如何使用 NGINX 入口控制器从 Cloudflare 恢复原始客户端 IP



我正在使用Cloudflare作为CDN,它隐藏了客户端的真实IP地址我正在使用NGINX入口控制器作为在Google Kubernetes引擎中运行的负载均衡器所以我正在尝试恢复原始 IP 地址并尝试点击此链接 https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx-我如何在我的 Nginx 入口的配置映射中实现这一点,因为我需要同一个键"set-real-ip-from"的多个值?

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingressname
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/session-cookie-name: "route"
    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
spec:
  tls:
  - hosts:
    - example.com
    secretName: sslcertificate
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          serviceName: service
          servicePort: 80
        path: /

我也遇到了这个问题,花了很长时间才修复,但显然我所需要的只是这个配置:

apiVersion: v1
data:
  # Cloudflare IP ranges which you can find on https://www.cloudflare.com/ips/
  proxy-real-ip-cidr: "173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32"
  # This is the important part
  use-forwarded-headers: "true"
  # Still works without this line because it defaults to X-Forwarded-For, but I use it anyways
  forwarded-for-header: "CF-Connecting-IP"
kind: ConfigMap
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

IMO 从文档中看,这一切都非常不清楚。我不得不搜索大量问题和实际模板文件本身才能弄清楚。

为了

X-Forwarded-For标头中检索数据并获取客户端的真实IP地址,您必须启用代理协议,特别是Nginx入口控制器ConfigMap,然后为访问者添加IP/网络。

apiVersion: v1
data:
  proxy-real-ip-cidr: 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22
  use-proxy-protocol: "true"
kind: ConfigMap
metadata:
  labels:
    app: nginx-ingress
  name: nginx-ingress-controller
  namespace: default

希望这对您有所帮助!

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium