Question

How Can get client real-ip for domain in cloudflare [and working as reverse proxy] , and i use Ingress Nginx in DigitalOcean K8S

Hello, All

I am using DigitalOcean K8s Cluster with Nginx Ingress Controller, I edited configMap: ingress-nginx-controller with:

  *real-ip-header: X-Forwarded-For
  set-real-ip-from-0: 103.21.244.0/22
  set-real-ip-from-1: 103.22.200.0/22
  set-real-ip-from-2: 103.31.4.0/22
  set-real-ip-from-3: 104.16.0.0/13
  set-real-ip-from-4: 104.24.0.0/14
  set-real-ip-from-5: 108.162.192.0/18
  set-real-ip-from-6: 131.0.72.0/22
  set-real-ip-from-7: 141.101.64.0/18
  set-real-ip-from-8: 162.158.0.0/15
  set-real-ip-from-9: 172.64.0.0/13
  set-real-ip-from-10: 173.245.48.0/20
  set-real-ip-from-11: 188.114.96.0/20
  set-real-ip-from-12: 190.93.240.0/20
  set-real-ip-from-13: 197.234.240.0/22
  set-real-ip-from-14: 198.41.128.0/17
  use-forwarded-headers: "true"
  use-proxy-protocol: "true"*

then rollout ingress deployment but when get new pod logs:

84a9091494f6aeb7c938d295fa503b2
172.68.234.19 - - [28/Nov/2024:10:08:47 +0000] "POST /socket.io/?EIO=4&transport=polling&t=PDoFgdm&sid=SxRtQLoOatr5Uy9pEh0B HTTP/2.0" 400 41 "https://domain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 100 0.001 [prod-80] [] 10.244.20.96:3000 52 0.001 400 7aeab46024eac9af3f56b699b8ebdb68

**172.70.46.89** - - [28/Nov/2024:10:08:47 +0000] "POST /create HTTP/2.0" 204 0 "-" "GuzzleHttp/7" 904 0.002 [rod-80] [] 10.244.20.46:3000, 10.244.20.97:3000 0, 0 0.001, 0.002 502, 204 646ab2993301a2c05f023b8ec91fe8aa 
172.71.103.93 - - [28/Nov/2024:10:08:48 +0000] "POST /orders/unread-created HTTP/2.0" 200 0 "-" "GuzzleHttp/7" 460 0.002 [prod-80] [] 10.244.20.96:3000 0 0.002 200 83b8f4922a5ac8a2f61d74316195f6ca
172.70.46.138 - - [28/Nov/2024:10:08:48 +0000] "POST /unread-created HTTP/2.0" 200 0 "-" "GuzzleHttp/7" 461 0.003 [prod-80] [] 10.244.20.96:3000 0 0.002 200 76f2f7d246311af7bc373d0f0c01feb3
172.71.99.205 - - [28/Nov/2024:10:08:48 
2024/11/28 10:08:48 [error] 447#447: *2687894 connect() failed (111: Connection refused) while connecting to upstream, client: 172.70.47.138, server: domain.com, request: "POST /create HTTP/2.0", upstream: "http://POD-IP:3000/create", host: "domain.com"

Still, I can’t get client’s real IP? And I need this approach to use whitelist-source-range for ingress resources to allow only trusted IPs.


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.