Get requesters source IP

10/8/2018

Issue:

  • x-forwarded-for http header just shows 127.0.0.1 instead of the original ip

Setup

  • GKE
  • gitlab ingress controller

Details

I tried to adapt the ingress rule with nginx CORS enablement but no success.

Here my ingress Annotation for the service:

nginx.ingress.kubernetes.io/cors-allow-headers: X-Forwarded-For
nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS

And here the output via echoheaders app:

Hostname: backend-78dd9d4ffd-cwkvv

Pod Information:
    -no pod information available-

Server values:
    server_version=nginx: 1.13.3 - lua: 10008

Request Information:
    client_address=10.60.8.16
    method=GET
    real path=/
    query=
    request_version=1.1
    request_scheme=http
    request_uri=[REDACTED]

Request Headers:
    accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    accept-encoding=gzip, deflate, br
    accept-language=en-GB,en-US;q=0.9,en;q=0.8
    cache-control=max-age=0
    connection=close
    cookie=_ga=[REDACTED]
    host=[REDACTED]
    upgrade-insecure-requests=1
    user-agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
    x-forwarded-for=127.0.0.1 <--- why doesn't it show the source IP?
    x-forwarded-host=[REDACTED]
    x-forwarded-port=443
    x-forwarded-proto=https
    x-original-uri=/
    x-real-ip=127.0.0.1 <--- why doesn't it show the source IP?
    x-scheme=https

Request Body:
    -no body in request-
-- Roderick Jonsson
gitlab
kubernetes
kubernetes-ingress
nginx
nginx-ingress

1 Answer

10/8/2018

X-forwarded-for should work out of the box with the nginx ingress controller. This works for me:

$ curl -H 'Host: foo.bar'  aws-load-balancer.us-west-2.elb.amazonaws.com/first


Hostname: http-svc-xxxxxxxxxx-xxxxx

Pod Information:
    node name:  ip-172-x-x-x.us-west-2.compute.internal
    pod name:   http-svc-xxxxxxxxx-xxxxx
    pod namespace:  default
    pod IP: 192.168.x.x

Server values:
    server_version=nginx: 1.13.3 - lua: 10008

Request Information:
    client_address=192.168.x.x
    method=GET
    real path=/first
    query=
    request_version=1.1
    request_uri=http://foo.bar:8080/first

Request Headers:
    accept=*/*
    connection=close
    host=foo.bar
    user-agent=curl/7.58.0
    x-forwarded-for=x.x.x.x <- public IP address
    x-forwarded-host=foo.bar
    x-forwarded-port=80
    x-forwarded-proto=http
    x-original-uri=/first
    x-real-ip=x.x.x.x < - same IP as x-forwarded-for
    x-request-id=xxxxxxxxxxxxxxxxxx
    x-scheme=http

Request Body:
    -no body in request-

There are a few things you can try:

  • If you are enabling CORS you need to also need the enable annotation:

    nginx.ingress.kubernetes.io/enable-cors: "true"
  • There's a use-forwarded-headers config option for nginx on your ingress controller that might need to be enabled. This would get enabled on the ConfigMap used by your nginx ingress controller.

-- Rico
Source: StackOverflow