2
votes

I’m wondering “How to append Nginx IP to X-Forwarded-For”.

I added a snippet in the Ingress annotation.

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ing
  annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header X-Forwarded-For "$remote_addr, $server_addr";

But it seems to be set twice in nginx.conf.

    proxy_set_header X-Forwarded-For        $remote_addr;
...
    proxy_set_header X-Forwarded-For "$remote_addr, $server_addr";

So my backend server will get two X-Forwarded-For headers.

Does anyone know “How to disable the proxy_set_header part generated by Nginx Ingress Controller”?

        proxy_set_header X-Request-ID           $req_id;
        proxy_set_header X-Real-IP              $remote_addr;

        proxy_set_header X-Forwarded-For        $remote_addr;

        proxy_set_header X-Forwarded-Host       $best_http_host;
        proxy_set_header X-Forwarded-Port       $pass_port;
        proxy_set_header X-Forwarded-Proto      $pass_access_scheme;

        proxy_set_header X-Scheme               $pass_access_scheme;
2
Do you want one, or do you want to turn off both? - Arghya Sadhu
I want one, and it is set in the Ingress annotation. - RammusXu
Try setting use-forwarded-headers to false: kubernetes.github.io/ingress-nginx/user-guide/… - Arghya Sadhu
use-forwarded-headers default: false - RammusXu

2 Answers

3
votes

Your configuration snippet is not being doubled. What is actually happening is that proxy_set_header X-Forwarded-For $remote_addr; is already set by default when you deploy NGINX Controller in your cluster.

In order to disable this default setting, you need to use a custom template.

By doing this, you can have an nginx.conf free of proxy_set_header X-Forwarded-For $remote_addr;, so you can set it as you need using the annotation you have described.
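
A check for the situation described in the question and in the answer above, added here as an example (it is not code from the original posts or from the ingress-nginx project): it scans a rendered nginx.conf for blocks in which proxy_set_header names the same header more than once, which is the case where the backend receives that header twice. SAMPLE_CONF and the function name duplicate_proxy_headers are made up for illustration, and the tokenizer is a simplification of nginx's grammar.

```python
import re
from collections import defaultdict

# Constructed sample (not taken from a real cluster): a trimmed server block as
# it could look after the question's configuration-snippet is rendered.
SAMPLE_CONF = '''
server {
    server_name example.com;
    location / {
        proxy_set_header X-Real-IP              $remote_addr;
        proxy_set_header X-Forwarded-For        $remote_addr;
        proxy_set_header X-Forwarded-Host       $best_http_host;
        # from the configuration-snippet annotation
        proxy_set_header X-Forwarded-For "$remote_addr, $server_addr";
        proxy_pass http://upstream_balancer;
    }
    location /healthz {
        proxy_set_header X-Forwarded-For        $remote_addr;
    }
}
'''

# Quoted strings, comments, structural characters, then bare words.
TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|#[^\n]*|[{};]|[^\s{};"']+''')

def duplicate_proxy_headers(conf):
    """Return (block path, header, values) for each header set twice in one block."""
    findings = []
    stack = [("main", defaultdict(list))]  # (block name, header -> values)
    words = []
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue  # comment, not part of any directive
        if tok == "{":
            stack.append((" ".join(words), defaultdict(list)))
        elif tok == "}" and len(stack) > 1:
            name, seen = stack.pop()
            path = " > ".join([n for n, _ in stack[1:]] + [name])
            findings += [(path, h, v) for h, v in seen.items() if len(v) > 1]
        elif tok == ";" and len(words) == 3 and words[0] == "proxy_set_header":
            # Header names are case-insensitive, so compare them lowercased.
            stack[-1][1][words[1].lower()].append(words[2].strip("\"'"))
        if tok in ("{", "}", ";"):
            words = []  # a directive or block header ends here
        else:
            words.append(tok)
    return findings

if __name__ == "__main__":
    for path, header, values in duplicate_proxy_headers(SAMPLE_CONF):
        print(f"{path}: {header} set {len(values)} times: {values}")
```

Only repeats inside one block are reported, because nginx inherits proxy_set_header from the outer level only when the inner level defines none, so a server-level and a location-level directive do not combine.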

2
votes

The accepted answer did not work for me. You just need to add the annotation below to the Ingress object:

nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "X-Forwarded-For $http_x_forwarded_for";

For testing:

❯ curl -I https://example.com/path/here

HTTP/1.1 200 OK
cache-control: no-cache, no-store, max-age=0, must-revalidate
Date: Sat, 13 Mar 2021 08:52:02 GMT
expires: 0
pragma: no-cache
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
X-Forwarded-For: 88.888.8.8
Connection: keep-alive