ingress losing real source IP when tls enabled #708

Closed
grantwnorman opened this issue May 11, 2017 · 4 comments
grantwnorman commented May 11, 2017

Followed the example at https://github.com/kubernetes/ingress/tree/master/examples/aws/nginx and created an ingress setup. I put an echoheaders service behind the ingress and get the correct real ip from the headers when hitting it with curl:

% curl http://www.mydomain.com
CLIENT VALUES:
client_address=100.96.21.40
command=GET
real path=/
query=nil
request_version=1.1
request_uri=http://www.mydomain.com:8080/

SERVER VALUES:
server_version=nginx: 1.10.0 - lua: 10001

HEADERS RECEIVED:
accept=*/*
connection=close
host=www.mydomain.com
user-agent=curl/7.51.0
x-forwarded-for=24.249.x.x
x-forwarded-host=www.mydomain.com
x-forwarded-port=80
x-forwarded-proto=http
x-original-uri=/
x-real-ip=24.249.x.x
x-scheme=http
BODY:
-no body in request-

But as soon as I add in tls, it no longer gives me the correct external IP, but resorts to a 127.0.0.1:

% curl https://www.mydomain.com
CLIENT VALUES:
client_address=100.96.21.40
command=GET
real path=/
query=nil
request_version=1.1
request_uri=http://www.mydomain.com:8080/

SERVER VALUES:
server_version=nginx: 1.10.0 - lua: 10001

HEADERS RECEIVED:
accept=*/*
connection=close
host=www.mydomain.com
user-agent=curl/7.51.0
x-forwarded-for=127.0.0.1
x-forwarded-host=www.mydomain.com
x-forwarded-port=443
x-forwarded-proto=https
x-original-uri=/
x-real-ip=127.0.0.1
x-scheme=https
BODY:
-no body in request-

Here is my ingress configuration with tls added in, and it works in the browser:

kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
  name: echo
  namespace: my-namespace
spec:
  rules:
  - host: www.mydomain.com
    http:
      paths:
      - backend:
          serviceName: echoheaders
          servicePort: 80
        path: /
  - host: mydomain.com
    http:
      paths:
      - backend:
          serviceName: echoheaders
          servicePort: 80
        path: /
  tls:
  - hosts:
    - www.mydomain.com
    - mydomain.com
    secretName: mydomain-rapidssl-2018
status:
  loadBalancer:
    ingress:
    - ip: 34.209.3.6
    - ip: 35.165.179.67

Is this something I am doing wrong here or is this a known issue?
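
A check for the symptom reported above, as an added example that is not part of the original post or of the ingress project: it parses echoheaders-style output and flags responses where `x-forwarded-for` or `x-real-ip` holds a loopback address instead of the client's. The function names and the sample text (which uses the documentation address 203.0.113.7) are constructed for illustration.

```python
import ipaddress

# Headers the ingress sets to carry the client address to the backend.
CLIENT_IP_HEADERS = ("x-forwarded-for", "x-real-ip")


def parse_echo_headers(text):
    """Return the HEADERS RECEIVED section of echoheaders output as a dict."""
    headers, in_headers = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line == "HEADERS RECEIVED:":
            in_headers = True
        elif line == "BODY:":
            in_headers = False
        elif in_headers and "=" in line:
            name, value = line.split("=", 1)
            headers[name.lower()] = value
    return headers


def client_ip_problems(text):
    """List reasons the forwarded client address is not usable as the real peer."""
    headers = parse_echo_headers(text)
    problems = []
    for name in CLIENT_IP_HEADERS:
        raw = headers.get(name)
        if raw is None:
            problems.append(f"{name}: missing")
            continue
        # X-Forwarded-For may be a comma-separated chain; the first entry is the claimed client.
        first = raw.split(",")[0].strip()
        try:
            addr = ipaddress.ip_address(first)
        except ValueError:
            problems.append(f"{name}: not an IP address ({first!r})")
            continue
        if addr.is_loopback or addr.is_unspecified:
            problems.append(f"{name}: {addr} is local to the proxy, client address lost")
    return problems


# Constructed samples modelled on the two curl outputs in the report.
HTTP_SAMPLE = """HEADERS RECEIVED:
x-forwarded-for=203.0.113.7
x-forwarded-proto=http
x-real-ip=203.0.113.7
BODY:"""
HTTPS_SAMPLE = HTTP_SAMPLE.replace("203.0.113.7", "127.0.0.1").replace("=http", "=https")
```

Running `client_ip_problems` against both the HTTP and HTTPS responses of the same host shows whether the TLS path alone loses the client address, which matters for anything downstream that logs, rate-limits or allowlists by source IP.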

aledbf commented May 11, 2017

@grantwnorman this is a known issue being fixed

grantwnorman (Author) commented

awesome, are there any issue numbers you could reference so I can follow the progress on this?

grantwnorman (Author) commented

nm, I found it I think. Thanks!

aledbf commented May 13, 2017

Closing. Fix already in master

aledbf closed this as completed May 13, 2017