You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: site/content/how-to/data-plane-configuration.md
+11-9Lines changed: 11 additions & 9 deletions
Original file line number
Diff line number
Diff line change
@@ -158,13 +158,13 @@ as arguments and add `/bin/sh` as the command. The deployment manifest should lo
158
158
...
159
159
```
160
160
161
-
###Configure RewriteClientIP settings
161
+
## Configure PROXY protocol and RewriteClientIP settings
162
162
163
-
When the request is passed through multiple proxies or load balancers, the client IP is set to the IP address of the server that last handled the request. To preserve the original client IP address, you can configure `RewriteClientIP` settings in `NginxProxy` resource. `RewriteClientIP` has the fields: _mode_, _trustedAddresses_ and _setIPRecursively_.
163
+
When the request is passed through multiple proxies or load balancers, the client IP is set to the IP address of the server that last handled the request. To preserve the original client IP address, you can configure `RewriteClientIP` settings in the `NginxProxy` resource. `RewriteClientIP` has the fields: _mode_, _trustedAddresses_ and _setIPRecursively_.
164
164
165
165
**Mode** determines how the original client IP is passed through multiple proxies and the way load balancer is set to receive it. It can have two values:
166
166
167
-
1.`ProxyProtocol` is a protocol that carries connection information from the source requesting the connection to the destination for which the connection was requested.
167
+
1.`ProxyProtocol` is a protocol that carries connection information from the source requesting the connection to the destination for which the connection was requested.
168
168
2.`XForwardedFor` is a multi-value HTTP header that is used by proxies to append IP addresses of the hosts that passed the request.
169
169
170
170
The choice of mode depends on how the load balancer fronting NGINX Gateway Fabric receives information.
@@ -186,14 +186,16 @@ spec:
186
186
rewriteClientIP:
187
187
mode: XForwardedFor
188
188
setIPRecursively: true
189
-
trustedAddresses: [
190
-
{ type: CIDR, value: ":1/128" },
191
-
{ type: IPAddress, value: "192.68.74.32"},
192
-
{ type: Hostname, value: "cafe.com"},
193
-
]
189
+
trustedAddresses:
190
+
- type: CIDR
191
+
value: ":1/28"
192
+
- type: IPAddress
193
+
value: "192.68.74.28"
194
+
- type: Hostname
195
+
value: "cafe.com"
194
196
EOF
195
197
```
196
198
197
199
For more information, see the `NginxProxy spec` in the [API reference]({{< relref "reference/api.md" >}}).
198
200
199
-
{{< note >}} When sending curl request to a server expecting proxy information, use the flag `--harproxy-protocol` to avoid broken header errors. {{< /note >}}
201
+
{{< note >}} When sending curl requests to a server expecting proxy information, use the flag `--harproxy-protocol` to avoid broken header errors. {{< /note >}}
0 commit comments