You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: site/content/how-to/data-plane-configuration.md
+6-11Lines changed: 6 additions & 11 deletions
Original file line number
Diff line number
Diff line change
@@ -160,7 +160,7 @@ as arguments and add `/bin/sh` as the command. The deployment manifest should lo
160
160
161
161
## Configure PROXY protocol and RewriteClientIP settings
162
162
163
-
When the request is passed through multiple proxies or load balancers, the client IP is set to the IP address of the server that last handled the request. To preserve the original client IP address, you can configure `RewriteClientIP` settings in the `NginxProxy` resource. `RewriteClientIP` has the fields: _mode_, _trustedAddresses_ and _setIPRecursively_.
163
+
When a request is passed through multiple proxies or load balancers, the client IP is set to the IP address of the server that last handled the request. To preserve the original client IP address, you can configure `RewriteClientIP` settings in the `NginxProxy` resource. `RewriteClientIP` has the fields: _mode_, _trustedAddresses_ and _setIPRecursively_.
164
164
165
165
**Mode** determines how the original client IP is passed through multiple proxies and the way the load balancer is set to receive it. It can have two values:
166
166
@@ -173,7 +173,7 @@ The choice of mode depends on how the load balancer fronting NGINX Gateway Fabri
173
173
174
174
**SetIPRecursively** is a boolean field used to enable recursive search when selecting the client's address from a multi-value header. It is applicable in cases where we have a multi-value header containing client IPs to select from, i.e., when using `XForwardedFor` mode.
175
175
176
-
The following command creates an `NginxProxy` resource with `RewriteClientIP` settings that set the mode to XForwardedFor, enables recursive search for finding the client IP and sets a CIDR, IPAddress and Hostname in the list of trusted addresses to find the original client IP address.
176
+
The following command creates an `NginxProxy` resource with `RewriteClientIP` settings that set the mode to ProxyProtocol, sets a CIDR in the list of trusted addresses to find the original client IP address.
177
177
178
178
```yaml
179
179
kubectl apply -f - <<EOF
@@ -184,18 +184,13 @@ metadata:
184
184
spec:
185
185
config:
186
186
rewriteClientIP:
187
-
mode: XForwardedFor
188
-
setIPRecursively: true
187
+
mode: ProxyProtocol
189
188
trustedAddresses:
190
189
- type: CIDR
191
-
value: ":1/28"
192
-
- type: IPAddress
193
-
value: "192.68.74.28"
194
-
- type: Hostname
195
-
value: "cafe.com"
190
+
value "76.89.90.11/24"
196
191
EOF
197
192
```
198
193
199
-
For more information, see the `NginxProxy spec` in the [API reference]({{< relref "reference/api.md" >}}).
194
+
For the full configuration API, see the `NginxProxy spec` in the [API reference]({{< relref "reference/api.md" >}}).
200
195
201
-
{{< note >}} When sending curl requests to a server expecting proxy information, use the flag `--harproxy-protocol` to avoid broken header errors. {{< /note >}}
196
+
{{< note >}} When sending curl requests to a server expecting proxy information, use the flag `--haproxy-protocol` to avoid broken header errors. {{< /note >}}
0 commit comments