Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

X-Real-IP and X-Forwarded-For missing #800

Closed
totallyunknown opened this issue May 31, 2017 · 11 comments
Closed

X-Real-IP and X-Forwarded-For missing #800

totallyunknown opened this issue May 31, 2017 · 11 comments

Comments

@totallyunknown
Copy link

I've upgraded from 0.9.0-beta5 to beta 7 and I don't see any X-Real-IP or X-Forwarded-For-Header anymore.

beta5:

Host: hostname.foo
X-Real-IP: 79.192.218.180
X-Forwarded-For: 79.192.218.180, 79.192.218.180
X-Forwarded-Host: hostname.foo
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Original-URI: /
X-Scheme: https

beta 6/7:

Host: hostname.foo
X-Forwarded-Host: hostname.foo
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Original-URI: /
X-Scheme: https

SSL is terminated by an AWS ELB. No proxy protocol is used.
@aledbf
Copy link
Member

aledbf commented May 31, 2017

I am working in adding e2e test to the ingress controller in order to avoid all this regressions we are having. #801

@andor44
Copy link

andor44 commented May 31, 2017

I believe this is the change that caused the issue.

If you set X-Forwarded-Proto to https those map statements make it so that X-Forwarded-For and X-Real-IP are passed down to the backends only if you have the backends using proxy-protocol (see "use proxy-protocol" here), because without it the value of $proxy_protocol_addr will be empty. In my opinion if the header is already present and it matches with the trusted addresses it shouldn't be overwritten like that.

@weitzj
Copy link
Contributor

weitzj commented Jun 8, 2017

I am using quay.io/aledbf/nginx-ingress-controller:0.132 and seem to get X-Real-IP alright.

@andor44
Copy link

andor44 commented Jun 8, 2017

@weitzj negative, I can't confirm that. I tried, and passing X-Forwarded-Proto: https still results in both X-Forwarded-For and X-Real-IP being swallowed with that image. Which makes sense since the map statements haven't been touched: nginx-0.9.0-beta.7...master#diff-b7803798d356c6c17a90d93cc58bdbaa

This was referenced Jun 15, 2017
Closed
Closed
@aledbf
Copy link
Member

aledbf commented Jun 21, 2017
edited
Loading

@totallyunknown please update the image to quay.io/aledbf/nginx-ingress-controller:0.148
Fix in #890

@aledbf
Copy link
Member

aledbf commented Jun 21, 2017

Closing. Please reopen if you still have issues

@aledbf aledbf closed this as completed Jun 21, 2017
@totallyunknown
Copy link
Author

Thanks. It's working with quay.io/aledbf/nginx-ingress-controller:0.148. But it looks like, the fix is not included in 0.9.0-beta-9?

@aledbf
Copy link
Member

aledbf commented Jun 26, 2017

The fix is in master https://github.com/kubernetes/ingress/blob/master/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl#L138 and included in the PR for 0.9.0-beta-9

@aledbf
Copy link
Member

aledbf commented Jun 26, 2017

PR #905

@totallyunknown
Copy link
Author

Thanks, I've took a look into the Changelog and #890 isn't listed - that why I was asking.

@aledbf
Copy link
Member

aledbf commented Jun 26, 2017

@totallyunknown sorry, the issues are not sorted https://github.com/kubernetes/ingress/pull/905/files#diff-2b00570d6a55cbb418bfb30203d59114R25

@ferminromero ferminromero mentioned this issue Jun 26, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@aledbf @andor44 @weitzj @totallyunknown