Adds configuration to retain client IP information #2284
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #2284 +/- ##
==========================================
+ Coverage 89.21% 89.34% +0.12%
==========================================
Files 100 100
Lines 7539 7628 +89
Branches 50 50
==========================================
+ Hits 6726 6815 +89
Misses 756 756
Partials 57 57
☔ View full report in Codecov by Sentry.
Be sure to link the issue associated with this PR in the description.
This PR is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 14 days.
@salonichf5 I'm not done reviewing yet, but here's a partial review to get you started.
We also want to be setting the following headers for grpc and http:
I would add these headers to the http and grpc base headers here: https://github.com/nginxinc/nginx-gateway-fabric/blob/82e7591eec857ec3cdd8d188be14cd91dc0e72ab/internal/mode/static/nginx/config/servers.go#L27
Just a couple nits, otherwise looks good!
✅ All required contributors have signed the F5 CLA for this PR. Thank you!
recheck
I have hereby read the F5 CLA and agree to its terms
Co-authored-by: Kate Osborn <[email protected]>
Proposed changes
Problem: As a user, I want to be able to retain client IP information when a request comes in to NGF.
Solution: Introduces configuration that allows retaining client IP information using the real_ip module.
Testing: Manual testing with example and TLS-Passthrough combined
nginx-proxy-config
nginx.conf
curl requests sent to the load balancer with the expectation that NGINX will preserve the original client IP (my system's IP)
nginx-proxy-config
curl requests sent to the load balancer with the expectation that NGINX will NOT preserve the original client IP (my system's IP) since the trusted addresses list does not contain the load balancer's IP
nginx-proxy-config
nginx.conf
curl request being sent with the assumption that the XforwardedFor leftmost IP will be returned if the LB IP is in the X-Forwarded-For headers
curl being sent with recursive turned off with the expectation that X-Real-IP will return the LB's IP and not recursively search for the IP before.
NOTE: Without the --haproxy-protocol flag, nginx will throw an error since no proxy details from the client are passed.
Please focus on (optional): If you have any specific areas where you would like reviewers to focus their attention or provide specific feedback, add them here.
Closes #1406
Checklist
Before creating a PR, run through this checklist and mark each as complete.
Release notes
If this PR introduces a change that affects users and needs to be mentioned in the release notes,
please add a brief note that summarizes the change.
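Added example, not code from this PR or from NGINX Gateway Fabric: a Go model of how the real_ip module resolves the client address from X-Forwarded-For, given a trusted addresses list and the recursive setting that the testing notes above exercise. The function names, the CIDR and the header values are constructed for illustration; ports and the PROXY protocol path are not modelled.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// isTrusted reports whether addr falls inside any trusted CIDR (the role the
// trusted addresses list plays). CIDRs that do not parse are ignored.
func isTrusted(addr netip.Addr, trusted []string) bool {
	for _, cidr := range trusted {
		if p, err := netip.ParsePrefix(cidr); err == nil && p.Contains(addr) {
			return true
		}
	}
	return false
}

// resolveClientIP walks X-Forwarded-For from right to left. The address in hand
// is replaced by the next hop only while that address is trusted; with
// recursive off the walk stops after a single replacement.
func resolveClientIP(peer, xff string, trusted []string, recursive bool) string {
	client, err := netip.ParseAddr(peer)
	if err != nil {
		return peer
	}
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0 && isTrusted(client, trusted); i-- {
		hop, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // unparseable hop: keep the last accepted address
		}
		client = hop
		if !recursive {
			break
		}
	}
	return client.String()
}

func main() {
	trusted := []string{"10.0.0.0/8"}         // constructed load balancer range
	xff := "192.0.2.1, 203.0.113.7, 10.0.0.9" // constructed header, leftmost hop forged
	fmt.Println(resolveClientIP("10.0.0.5", xff, trusted, true))     // 203.0.113.7
	fmt.Println(resolveClientIP("10.0.0.5", xff, trusted, false))    // 10.0.0.9
	fmt.Println(resolveClientIP("198.51.100.4", xff, trusted, true)) // 198.51.100.4
}
```

The third call shows why the trusted list matters: a peer outside it keeps its own address, so a header it supplies cannot change the logged client IP.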