Kong :: Client IP missing in X-FORWARDED-FOR

1.8k views Asked by At

Using Kong ingress controller (v2.1) in Kubernetes. Running in Digital Ocean.

The problem is that client IP is missing in X-FORWARDED-FOR header for HTTPS request, yet present on the HTTP request. I need to be able to see the IP on the HTTPS requests as well.

The value received in X-FORWARDED-FOR header on HTTP request is "<the-client-ip>, <the-k8s-node-ip>". Yet in case of HTTPS request the value is "<the-k8s-node-ip>". The client-ip is lost.

Kong installed using Help. The most relevant part of config is:

proxy:
  enabled: true
  http:
    enabled: true
  annotations:
    service.beta.kubernetes.io/do-loadbalancer-protocol: "http"
    service.beta.kubernetes.io/do-loadbalancer-algorithm: "round_robin"
    service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
    service.beta.kubernetes.io/do-loadbalancer-tls-passthrough: "true"
1

There are 1 answers

3
Artem Timchenko On BEST ANSWER

The problem is with the SLL Passthrough. You can't modify headers when using this configuration. You should rather use SSL termination, unless you have some specific compliance requirements.

Checkout the doc for more: https://www.digitalocean.com/docs/networking/load-balancers/how-to/ssl-passthrough/