I'm running into an issue with an nginx ingress controller (ingress-nginx v0.44.0) on EKS where the X-Forwarded-* headers are set to the kubernetes worker node the controller pod is running on as opposed to the details of the request of the actual user hitting the controller itself. As we're terminating our SSL on the ingress controller this means the 'X-Forwarded-Proto' is set to 'http' instead of 'https' which causes issues on the application pods.

I deployed a test pod which returns the headers it received to confirm the issue and I can see these headers having been received:

X-Forwarded-For: <ip of the eks worker node>
X-Forwarded-Host: foo.bar.net
X-Forwarded-Port: 8000
X-Forwarded-Proto: http

I was expecting these though:

X-Forwarded-For: <ip of the origin of the original request>
X-Forwarded-Host: foo.bar.net
X-Forwarded-Port: 443
X-Forwarded-Proto: https

Now, we do have an old legacy cluster running an older nginx ingress controller (nginx-ingress v0.34.1) which does actually behave as I expected, but I'm struggling to find how this has been configured to make it do this correctly. I did notice that the nginx.conf of this controller contains the 'full_x_forwarded_proto' variable identically as described here but I can't find any place where this is configured as in a configmap or similar.

map $http_x_forwarded_proto $full_x_forwarded_proto {
  default $http_x_forwarded_proto;
  "" $scheme;
}

Does anybody have any suggestions how I can configure nginx to send the correct 'X-Forwarded-*' headers?