我正在使用Cloudflare作为CDN,它隐藏了客户端的真实IP地址我正在使用NGINX入口控制器作为在Google Kubernetes引擎中运行的负载均衡器所以我正在尝试恢复原始 IP 地址并尝试点击此链接 https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx-我如何在我的 Nginx 入口的配置映射中实现这一点,因为我需要同一个键"set-real-ip-from"的多个值?
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingressname
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: "route"
nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
spec:
tls:
- hosts:
- example.com
secretName: sslcertificate
rules:
- host: example.com
http:
paths:
- backend:
serviceName: service
servicePort: 80
path: /
我也遇到了这个问题,花了很长时间才修复,但显然我所需要的只是这个配置:
apiVersion: v1
data:
# Cloudflare IP ranges which you can find on https://www.cloudflare.com/ips/
proxy-real-ip-cidr: "173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32"
# This is the important part
use-forwarded-headers: "true"
# Still works without this line because it defaults to X-Forwarded-For, but I use it anyways
forwarded-for-header: "CF-Connecting-IP"
kind: ConfigMap
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
IMO 从文档中看,这一切都非常不清楚。我不得不搜索大量问题和实际模板文件本身才能弄清楚。
从X-Forwarded-For
标头中检索数据并获取客户端的真实IP地址,您必须启用代理协议,特别是Nginx入口控制器ConfigMap,然后为访问者添加IP/网络。
apiVersion: v1
data:
proxy-real-ip-cidr: 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22
use-proxy-protocol: "true"
kind: ConfigMap
metadata:
labels:
app: nginx-ingress
name: nginx-ingress-controller
namespace: default
希望这对您有所帮助!