在kubernetes上运行的traefik AWS ELB上的真实IP
我已经在EKS集群(v1.13)上部署了一个服务,该集群配置了traefik(v1.7)。我已将源IP列为白名单,并在ELB上启用了Proxyprotocol。我无法获得客户的真实IP。下面是我如何配置的 特拉菲克在kubernetes上运行的traefik AWS ELB上的真实IP,kubernetes,amazon-elb,traefik,amazon-eks,traefik-ingress,Kubernetes,Amazon Elb,Traefik,Amazon Eks,Traefik Ingress,我已经在EKS集群(v1.13)上部署了一个服务,该集群配置了traefik(v1.7)。我已将源IP列为白名单,并在ELB上启用了Proxyprotocol。我无法获得客户的真实IP。下面是我如何配置的 特拉菲克 [entryPoints.https.whiteList] sourceRange = ["10.100.0.0/16"] useXForwardedFor = true [entryPoints.https.proxyProtocol] trustedIPs = ["1
[entryPoints.https.whiteList]
sourceRange = ["10.100.0.0/16"]
useXForwardedFor = true
[entryPoints.https.proxyProtocol]
trustedIPs = ["10.100.0.0/16"]
[entryPoints.https.forwardedHeaders]
trustedIPs = ["10.100.0.0/16"]
入口对象:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test-nginx
annotations:
kubernetes.io/ingress.class: "test-dev"
traefik.ingress.kubernetes.io/preserve-host: "true"
ingress.kubernetes.io/whitelist-x-forwarded-for: "true"
traefik.ingress.kubernetes.io/whitelist-source-range: "10.100.0.0/16"
spec:
rules:
- host: test-nginx.example.com
http:
paths:
- path: /
backend:
serviceName: nginx-headers
servicePort: 80
输出:
$ curl https://test-nginx.example.com/
Hostname: nginx-headers-5f544s5cc3-sl5c6
IP: 127.0.0.1
IP: 10.100.0.57
GET / HTTP/1.1
Host: test-nginx.example.com
User-Agent: curl/7.64.1
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 54.31.147.124, 10.100.0.57
X-Forwarded-Host: test-nginx.example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: test-dev-traefik-7549d898bc-ttjf4
X-Real-Ip: 10.100.0.57
我是不是遗漏了什么?任何帮助都将不胜感激。我知道这不是一个安全的解决方案,但至少您将看到真正的IP并可以继续调试
[entryPoints.https.whiteList]
sourceRange = ["0.0.0.0/0"]
useXForwardedFor = true
[entryPoints.https.proxyProtocol]
trustedIPs = ["0.0.0.0/0"]
[entryPoints.https.forwardedHeaders]
trustedIPs = ["0.0.0.0/0]
及注释:
traefik.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0"
它在Docker Swarm中对我有效我知道这不是一个安全的解决方案,但至少你会看到真正的IP并可以继续调试
[entryPoints.https.whiteList]
sourceRange = ["0.0.0.0/0"]
useXForwardedFor = true
[entryPoints.https.proxyProtocol]
trustedIPs = ["0.0.0.0/0"]
[entryPoints.https.forwardedHeaders]
trustedIPs = ["0.0.0.0/0]
及注释:
traefik.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0"
这对我在Docker Swarm很有效嗨,你解决过这个问题吗?我也有同样的问题嗨,你解决过这个问题吗?我也有同样的问题