{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 来,给爷笑一个 的问题《Get visitors real IP in PHP app running behind Kub》','https://www.manongdao.com/q-960489.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am having issues getting the visitors real IP in my PHP app. I have Kubernetes running in Google Container Engine (master: 1.4.8, node: 1.4.7).
Service definition:
apiVersion: v1
kind: Service
metadata:
name: app-service
spec:
type: LoadBalancer # spawning google loadbalancer
selector:
name: app # running simple php/nginx container
ports:
- port: 80
targetPort: 80
How can it be that the X-Forwarded-For headers etc. don't get passed through to my php app? I am only getting back the source ip (in php REMOTE_ADDR), which is 10.0.1.1. In Google Cloud I can see the service is using a layer 4 load balancer. Could this be the issue that the real source ip is lost and the X-Forwarded-For header never gets set?
If someone could explain me what is going on, that would be super helpful!
For what its worth, I am using the following nginx configuration in my app container:
location ~ \.php$ {
fastcgi_pass php-upstream;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
}
EDIT
I have put my whole application behind CloudFlare, so it is now pointing from CloudFlare http proxy -> GCE Load Balancer. And somehow the X-Forwarded-For headers and all are present! For me it seems like the issue is with the GCE Load Balancer, it is somehow unable to set those headers?
A new feature was added to Kubernetes 1.5:
More details are available here and boil down to adding an annotation for services of type
loadbalancer:This will open a healthcheck port on the node, to verify if service endpoints are available on the node.
More details on how this issue is rolled out to other clusters seems to be available on kubernetes/features issue tracking this feature.
Note: Question seems similar to StackOverflow/Kubernetes-not-preserving-source-ip